Papertrail Knowledge Base

Configuring remote syslog from Unix/Linux and BSD/OS X

To log from a Unix system, edit the system's syslog daemon config file. These instructions are a reference. Papertrail will provide more specific instructions (including a log destination) when you add a system.

Determine System Logger

See which logger your system uses. Run:

ls -d /etc/*syslog*

Note which filename is listed: rsyslog.conf, syslog-ng.conf, or syslog.conf. Then follow the matching section below.


Configuration: rsyslog.conf

rsyslog is often seen on: Debian; Fedora; SuSE; Ubuntu; most other Linux distributions.

1. Configure rsyslog

As root, edit /etc/rsyslog.conf or /etc/syslog.conf with a text editor (like pico or vi). Paste this line at the end of the file:

*.*                                         @logs.papertrailapp.com

Note: The hostname used above is logs.papertrailapp.com. If you received a hostname and port when registering this system with Papertrail, use that hostname:port string instead. For example:

*.*                                         @<host>.papertrailapp.com:1234

To find your settings, go to https://papertrailapp.com/systems/setup

2. Activate change

Tell rsyslog to activate the change (on most OSes):

sudo killall -HUP rsyslog rsyslogd

On Ubuntu:

sudo service rsyslog restart

Log messages should begin appearing in Papertrail. The single @ in the line above tells rsyslog to forward over UDP, which is unencrypted. Optionally, configure encrypted logging with TLS.

By default, rsyslog sends messages from the system's hostname (such as www42). To change this behavior and choose your own hostname or use the FQDN, see "How can I override the hostname?"


Configuration: syslog-ng.conf

syslog-ng is often seen on: Gentoo 2005.0+; SuSE 9.3+.

1. Configure syslog-ng

As root, edit /etc/syslog-ng.conf with a text editor. Find a line starting with source. For example: source s_sys {..}.

At the end of the file, paste this configuration. Replace s_sys with the source name above, typically s_sys, src, s_all, or s_local:

destination d_papertrail {
  udp("logs.papertrailapp.com" port(514));
};

# replace "s_sys" with the name you found:
log { source(s_sys); destination(d_papertrail); };

Note: If you received a destination port as well as a hostname when registering this system with Papertrail, change 514 and logs.papertrailapp.com to the port and hostname given. To find your settings, go to https://papertrailapp.com/systems/setup

2. Activate change

Tell syslog-ng to activate the change:

sudo killall -HUP syslog-ng

Log messages should begin appearing in Papertrail. Optionally, configure encrypted logging with TLS.


Configuration: syslog.conf

syslogd and sysklogd are often seen on: BSDs; CentOS; Gentoo 2004.3 and older; Mac OS X; RHEL; Slackware; Solaris; most other Unices.

remote_syslog can also be used in lieu of syslogd.

1. Register your system's source IP

Provide Papertrail with the source IP on Add System.

2. Configure syslogd

As root, edit /etc/syslog.conf with a text editor (like pico or vi). Paste this line at the end of the file:

*.*                                         @logs.papertrailapp.com

3. Activate change

Tell syslog to activate the change (on most OSes):

sudo killall -HUP syslog syslogd

Log messages should begin appearing in Papertrail.


Test (optional)

To confirm messages are being sent and received, generate a test message by running:

logger "Testing Papertrail message delivery"

The test message should appear in the system's event history almost immediately. If it doesn't arrive, try sending a standalone test message.
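
The detection step and the three configuration snippets above, combined into one script as an added example (it is not part of Papertrail's instructions): it finds which config file is present, reads the syslog-ng source name, and prints the lines to append without editing any file. The function names, the preference for rsyslog.conf when several files exist, and the hostname/port validation are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Papertrail's code): print the forwarding lines for
# whichever syslog daemon is configured. It prints only and edits no file.

# detect_logger [DIR]: name the daemon whose config file exists in DIR.
# Assumption: when several files exist, prefer them in the order the page lists.
detect_logger() {
  dir=${1:-/etc}
  if [ -e "$dir/rsyslog.conf" ]; then echo rsyslog
  elif [ -e "$dir/syslog-ng.conf" ]; then echo syslog-ng
  elif [ -e "$dir/syslog.conf" ]; then echo syslogd
  else return 1
  fi
}

# first_source FILE: name from the first "source NAME {" line (syslog-ng).
first_source() {
  sed -n 's/^[[:space:]]*source[[:space:]]\{1,\}\([A-Za-z0-9_]\{1,\}\).*/\1/p' "$1" | head -n 1
}

# forward_stanza KIND HOST PORT [SOURCE]: print the lines to append.
forward_stanza() {
  kind=$1; host=$2; port=$3; src=${4:-s_sys}
  # Reject values that would write anything but a hostname and a port number.
  case $host in ''|*[!A-Za-z0-9.-]*) echo "bad hostname" >&2; return 2 ;; esac
  case $port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
  case $kind in
    rsyslog) printf '*.*    @%s:%s\n' "$host" "$port" ;;
    syslogd) printf '*.*    @%s\n' "$host" ;;  # the page's syslogd line has no port
    syslog-ng)
      printf 'destination d_papertrail {\n  udp("%s" port(%s));\n};\n' "$host" "$port"
      printf 'log { source(%s); destination(d_papertrail); };\n' "$src" ;;
    *) echo "unknown logger: $kind" >&2; return 2 ;;
  esac
}

# Usage: sh print-stanza.sh HOST PORT   (values from your Papertrail setup page)
if [ "$#" -eq 2 ]; then
  kind=$(detect_logger) || { echo "no syslog config found in /etc" >&2; exit 1; }
  src=s_sys
  if [ "$kind" = syslog-ng ]; then src=$(first_source /etc/syslog-ng.conf); fi
  forward_stanza "$kind" "$1" "$2" "${src:-s_sys}"
fi
```

Review the printed lines, append them to the config file as root, then reload the daemon as described in the matching section.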