Ingest syslog data using OpenTelemetry Collector
Stream syslog via OpenTelemetry Collector if you already collect logs with it or if a specific use case requires an additional component, for example, forwarding logs to different targets. If you want to benefit from a secure, trusted edge component with enterprise support and life-cycle management, see Syslog ingestion with ActiveGate.
If Linux system syslog observability is your main focus, we recommend deploying OneAgent, which autodiscovers host syslog data, preserves topology context, and requires minimal configuration and maintenance.
The following configuration example shows how to configure a Collector instance to receive data from syslog and send it to the Dynatrace backend.
Prerequisites
- One of the following Collector distributions with the Syslog receiver:
- The Dynatrace Collector
- OpenTelemetry Contrib
- A custom Builder version
- The Dynatrace API endpoint URL to which the data should be exported
- An API token with the relevant access scope (only required for SaaS and ActiveGate)
Demo configuration
receivers:syslog/f5:tcp:listen_address: "0.0.0.0:54526"protocol: rfc5424operators:- type: addfield: attributes.log.sourcevalue: syslog- type: addfield: attributes.dt.ip_addressesvalue: "1xx.xx.xx.xx1"- type: addfield: attributes.instance.namevalue: "ip-1xx-xx-x-xx9.ec2.internal"- type: addfield: attributes.device.typevalue: "f5bigip"syslog/host:tcp:listen_address: "0.0.0.0:54527"protocol: rfc5424operators:- type: addfield: attributes.log.sourcevalue: syslog- type: addfield: attributes.device.typevalue: "ubuntu-syslog"exporters:otlphttp:endpoint: ${env:DT_ENDPOINT}headers:Authorization: "Api-Token ${env:DT_API_TOKEN}"service:pipelines:traces: nullmetrics: nulllogs:receivers: [syslog/f5, syslog/host]processors: []exporters: [otlphttp]
Validate your settings to avoid any configuration issues.
Components
For our configuration, we use the following components.
ReceiverS
Under receivers
, we specify two instances of the syslog
receiver as active receiver components for our Collector instance.
The Syslog receiver supports a number of configuration parameters, which enable you to customize its behavior. For our example, we use the following:
tcp
—Specifies a TCP listener for the receiver and configures ports 54526 and 54527protocol
—Specifies the RFC 5424 implementation for our receiver (alternatively, RFC 3164 is also supported)operators
—Configures the operators we apply to each log entry. For our example, we use the add operator to add additional information.field
—Specifies the name of value we are addingvalue
—Specifies the content of the value we are adding
Exporters
Under exporters
, we specify the default otlphttp
exporter and configure it with our Dynatrace API URL and the required authentication token.
For this purpose, we set the following two environment variables and reference them in the configuration values for endpoint
and Authorization
.
DT_ENDPOINT
contains the base URL of your ActiveGate (for example,https://{your-environment-id}.live.dynatrace.com/api/v2/otlp
)DT_API_TOKEN
contains the API token
Service pipelines
Under service
, we eventually assemble our receiver and exporter objects into a traces pipeline, which uses the receiver instances to obtain syslog data and ingest it into Dynatrace using OTLP.
Limits and limitations
Logs are ingested using the OpenTelemetry protocol (OTLP) via the Dynatrace OTLP API and are subject to the API's limits and restrictions. For more information see: