syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Open Source Edition


7.11. logmatic: Using

The logmatic() destination sends log messages to the Logging-as-a-Service provider. You can send log messages over TCP, or encrypted with TLS.


Example 7.25. Using the logmatic() driver

To use the logmatic() destination, the only mandatory parameter is your user token. The following example sends every log from the system() source to your account.

log {
    source { system(); };
    destination { logmatic(token("<API-KEY-AS-PROVIDED-BY-LOGMATIC.IO>")); };

The following example uses TLS encryption. Before using it, download the CA certificate of and copy it to your hosts (for example, into the /etc/ssl/certs/ directory.

log {
    destination {
        logmatic(token("<API-KEY-AS-PROVIDED-BY-LOGMATIC.IO>") port(6514)
            tls(peer-verify(required-trusted) ca-dir('/etc/ssl/certs'))

The following example parses the access logs of an Apache webserver from a file and sends them to in JSON format.

log {
    source { file("/var/log/apache2/access.log" flags(no-parse)); };
    parser { apache-accesslog-parser(); };
    destination {
           template("$(format-json .apache.* timestamp=${ISODATE})"));

To use the logmatic() driver, the scl.conf file must be included in your syslog-ng OSE configuration:

@include "scl.conf"

The logmatic() driver is actually a reusable configuration snippet configured to send log messages using the tcp() driver using a template. For details on using or writing such configuration snippets, see Section 5.6.2, Reusing configuration blocks. You can find the source of this configuration snippet on GitHub.