Installing the LogScale Collector

The following pages describe details on compatibility and how to download and install the LogScale Collector using the Downloading and Installing LogScale Collector (Full Install).

We also offer a custom install which requires different procedures depending on your operating system, see Custom Installation

To obtain a list of installers and download them from the command line, see Downloading Installers from the Command-line.

Additional Steps on Linux

Granting Access to Logs on Ubuntu

Ubuntu

You can now grant access to system logs, By default, the logscale-collector process will run as the logscale-collector user, which is installed by the package and won't have access to logs in /var/log. This can be granted by adding the user to the adm group.

this can be granted by adding the user to the adm group.

shell
$ sudo usermod -a -G adm logscale-collector

Note

Running the LogScale Collector as the root user is not recommended.

Granting Access to Logs on RedHat

RedHat To access log files you need to have read rights on the system, you can add the following to your SystemD unit file to grant read access to all files.

Important

This provides broad access to all system files and therefore is not recommend for anything other than testing purposes.

ini
AmbientCapabilities = CAP_DAC_READ_SEARCH;

We recommend using specific access permissions to files or using ACLs, for example access systemd journal can be granted using the following:

shell
$ sudo usermod -a -G systemd-journal logscale-collector
Binding to the Standard Syslog Port

Only root users can bind to port < 1024. To bind to a lower port number you can give special permissions to the logscale-collector binary.

shell
$ sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/logscale-collector
$ sudo systemctl restart logscale-collector
Firewall Configuration

If a firewall has been configured on your system it may interfere with the sending of Syslog data. The firewall configuration will need to be updated to allow the default syslog port, 1515, through the firewall.

On RedHat or Debian Linux installations this can be achieved using the command:

shell
$ sudo firewall-cmd --add-port=1515/tcp  --permanent

Other Linux installations may need a different configuration.