File (Linux) Source | Falcon LogScale Collector 1.9.0-1.10.2 | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

File (Linux) Source

Example

yaml

var_log:
   type: file
   include: /var/log/*
   exclude: /var/log/*.gz
   sink: humio
  
  syslog_udp_5140:
   type: syslog
   mode: udp
   port: 5140
   sink: humio
   workers: 1
  
  syslog_tcp_5140:
   type: syslog
   mode: tcp
   port: 5140
   sink: humio
  sinks:
   humio:
    type: humio
    token: $INGEST_TOKEN   
    url: $HUMIO_URL

Introduction

This configuration sets up log collection on a Linux system from local log files and Syslog sources over both UDP and TCP.

Step-by-Step

yaml

var_log:
   type: file
   include: /var/log/*
   exclude: /var/log/*.gz
   sink: humio
  
  syslog_udp_5140:
   type: syslog
   mode: udp
   port: 5140
   sink: humio
   workers: 1
  
  syslog_tcp_5140:
   type: syslog
   mode: tcp
   port: 5140
   sink: humio

This fragment defines three Linux sources: file logs from /var/log, and syslog_udp_5140 messages over UDP on port 5140 and syslog_tcp_5140 messages over TCP on port 5140. All sources forward data to the same humio sink.

yaml
```
sinks:
   humio:
    type: humio
    token: $INGEST_TOKEN   
    url: $HUMIO_URL
```
This fragment defines a humio sink to recieve logs from Linux file and syslog sources. Replace $INGEST_TOKEN and $HUMIO_URL with your environment values.
Event Result set.

Summary and Results

This configuration sets up collecting logs from /var/log, UDP Syslog (port 5140), and TCP Syslog (port 5140), with logs forwarded to a Humio sink for centralized analysis.

Enter search term