Make Your Logs Work for You

The days of logging in to servers and manually viewing log files are over. SolarWinds® Papertrail™ aggregates logs from applications, devices, and platforms to a central location.

View Technology Info

FEATURED TECHNOLOGY

Troubleshoot Fast and Enjoy It

SolarWinds® Papertrail™ provides cloud-based log management that seamlessly aggregates logs from applications, servers, network devices, services, platforms, and much more.

View Capabilities Info

FEATURED CAPABILITIES

Aggregate and Search Any Log

SolarWinds® Papertrail™ provides lightning-fast search, live tail, flexible system groups, team-wide access, and integration with popular communications platforms like PagerDuty and Slack to help you quickly track down customer problems, debug app requests, or troubleshoot slow database queries.

View Languages Info

FEATURED LANGUAGES

TBD - APM Integration Title

TBD - APM Integration Description

TBD Link

APM Integration Feature List

TBD - Built for Collaboration Title

TBD - Built for Collaboration Description

TBD Link

Built for Collaboration Feature List

Collect Logs: Apps & Services > Unix and BSD system logs

Unix and BSD system logs

Configure remote syslog from Unix/Linux and BSD/macOS to send logs to Papertrail.

To log from a Unix system, edit the system’s syslog daemon config file. These instructions are a reference. Papertrail will provide more specific instructions (including a log destination) when you add a system.

These instructions will typically pick up operating system logs. Some apps write logs directly to text files, bypassing the syslog daemon. To collect logs from these apps, use remote_syslog2 instead.

Determine system logger

See which logger your system uses. Run:

ls -d /etc/*syslog*

Which filename is listed? rsyslog.conf, syslog-ng.conf, syslog.conf, or none.

rsyslog.conf

rsyslog is often seen on: Debian; Fedora; SuSE; Ubuntu; most other Linux distributions.

Configure rsyslog

As root, edit /etc/rsyslog.conf or /etc/syslog.conf with a text editor (like pico or vi). Paste a line like this at the end of the file:

*.*                       @logsN.papertrailapp.com:XXXXX

Replace logsN and XXXXX with the host and port from Papertrail’s Web interface. (seen on Add Systems or Log Destinations).

Activate change

Tell rsyslog to activate the change (on most OSes):

$ sudo /etc/init.d/rsyslog restart

On Ubuntu:

$ sudo service rsyslog restart

Log messages should begin appearing in Papertrail. Optionally, configure encrypted logging with TLS.

By default, rsyslog sends messages from the system’s hostname (such as www42). To change this behavior and choose your own hostname or use the FQDN, see How can I override the hostname?.

syslog-ng.conf

syslog-ng is often seen on: Gentoo 2005.0+; SuSE 9.3+.

Configure syslog-ng

As root, edit /etc/syslog-ng.conf with a text editor. Find a line starting with source. For example: source s_sys {..}.

At the end of the file, paste this configuration. Replace s_sys with the source name above, typically s_sys, src, s_all, or s_local:

destination d_papertrail {
udp("logsN.papertrailapp.com" port(XXXXX));
};
# replace "s_sys" with the name you found:
log { source(s_sys); destination(d_papertrail); };

Replace logsN and XXXXX with the host and port from Papertrail’s Web interface (seen on Add Systems or Log Destinations).

Activate change

Tell syslog-ng to activate the change:

$ sudo killall -HUP syslog-ng

Log messages should begin appearing in Papertrail. Optionally, configure encrypted logging with TLS.

syslog.conf

syslogd and sysklogd are often seen on: BSDs; CentOS; Gentoo 2004.3 and older; Mac macOS; RHEL; Slackware; Solaris; most other Unices.

remote_syslog2 can be used in lieu of syslogd.

Some versions of syslog do not support custom ports and must use the default port 514, but modern BSD versions (including macOS) support custom ports.

Default port (514)

  1. Visit Add Systems and select “I’d like to aggregate system/OS logs from something else…“.
  2. Under Less common setup methods below the search area, click My syslog daemon only sends to port 514.
  3. Provide Papertrail with this device’s Internet-facing public (external NAT) IP.

Then, follow the additional instructions to configure the daemon.

Custom port

Configure syslogd

As root, edit /etc/syslog.conf with a text editor (like pico or vi). Paste this line at the end of the file:

*.*                                @logsN.papertrailapp.com:XXXXX

replacing logsN and XXXXX with the values from the log destination.

Activate change

Tell syslog to activate the change (on most OS’s):

$ sudo killall -HUP syslog syslogd

Log messages should begin appearing in Papertrail.

Test (optional)

To confirm messages are being sent and received, you can generate a test message by running:

$ logger "Testing Papertrail message delivery"

The test message should appear nn the event viewer almost immediately. If it doesn’t arrive, try sending a standalone test message.

No syslog configuration found(optional)

If ls -d /etc/*syslog* did not find any matching files, try these:

  • On Fedora Linux 20 and later, install the rsyslog package (why?). Run: sudo yum install rsyslog
  • On other Linux distributions and Unix variants other than Linux, try looking for files containing syslog outside of /etc/. Run: sudo find / -name "*syslog*" -print
  • Ask us. We’ve probably seen it.

Logs not appearing?

The most common cause is a local or external firewall blocking outbound UDP traffic. Solve this by adding an allow rule based on the port number shown on Log Destinations.

For more generic troubleshooting information, see Troubleshooting remote syslog reachability.

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.