Skip to main content

Configuring TLS on rsyslog

Introduction

This document explains how to configure rsyslog to support TLS connections, which is necessary for sending logs to Coralogix syslog endpoints.

Prerequisites

  • Ubuntu 22.04 (or newer)

Configuration

STEP 1. Install the gtls driver and ca-certificates:

sudo apt update -y
sudo apt install rsyslog-gnutls ca-certificates

STEP 2. Modify the rsyslog configuration file:

$DefaultNetstreamDriver gtls $DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt $ActionSendStreamDriverMode 1 $ActionSendStreamDriverAuthMode x509/name $ActionSendStreamDriverPermittedPeer *.coralogix.com $template CoralogixSyslogFormat,"{\"fields\": {\"private_key\":\"xxxx\",\"application_name\":\"vagrant\",\"subsystem_name\":\"syslog\"},\"message\": {\"message\":\"%msg:::json%\"}}\n" *.* @@syslog.eu2.coralogix.com:6514;CoralogixSyslogFormat

STEP 3. Restart rsyslog:

sudo systemctl restart rsyslog

Troubleshooting

STEP 1. Check the status of the rsyslog service:

sudo systemctl status rsyslog

STEP 2. Check for any errors in the journalctl logs:

sudo journalctl -f -u rsyslog

Additional resources

Coralogix EndpointsCoralogix Endpoints
Last updated on
On this page
Was this page helpful?