The package ships with a service file that can be enabled as a SystemD service to run at start-up by running:

$ sudo systemctl start humio-log-collector.service

And configured to start on boot using:

$ sudo systemctl enable humio-log-collector.service

You can now grant access to system logs, By default, the logscale-collector (Custom install humio-log-collector) process will run as the logscale-collector user, which is installed by the package and won't have access to logs in /var/log. This can be granted by adding the user to the adm group.

this can be granted by adding the user to the adm group.

$ sudo usermod -a -G adm humio-log-collector

To access log files you need to have read rights on the system, you can add the following to your SystemD unit file to grant read access to all files.

AmbientCapabilities = CAP_DAC_READ_SEARCH;

We recommend using specific access permissions to files or using ACLs, for example access systemd journal can be granted using the following:

$ sudo usermod -a -G systemd-journal humio-log-collector

Only root users can bind to port < 1024. To bind to a lower port number you can give special permissions to the logscale-collector binary.

$ sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/humio-log-collector
$ sudo systemctl restart humio-log-collector

If a firewall has been configured on your system it may interfere with the sending of Syslog data. The firewall configuration will need to be updated to allow the default syslog port, 1515, through the firewall.

On RedHat or Debian Linux installations this can be achieved using the command:

$ sudo firewall-cmd --add-port=1515/tcp  --permanent

Other Linux installations may need a different configuration.