Installing Humio Log Collector on Linux

The OS versions which are officially supported are listed below, but the Log Collector should be compatible with most modern x86-64 systemd based Debian and RHEL type systems, and modern supported Windows distributions.

  • Ubuntu 20.04 LTS (x86-64)

  • RedHat Enterprise Linux 7 & 8 (x86-64)

See Installing Log Collector on Windows for the supported versions of Windows. If you need more information on the Log Collector support for a different operating system or architecture, please get in contact with Humio Support who will note your interest.

Downloading the Log Collector

The Log Collector can be downloaded from the Humio User Interface by authenticated users. To download the Log Collector go to Organization Settings > Log Collector.

Download Page

Figure 234. Download Page


Choose the version of the Log Collector you wish to download. Humio will also generate an example configuration file based on the distribution you chose and the details of your Humio instance.

Installing the Log Collector
Ubuntu

Run the following command to install Humio Log Collector

humio
$ dpkg -i humio-log-collector_x.x.x_linux_amd64.deb
Granting Access to System Logs on Ubuntu

By default, the humio-log-collector process will run as the humio-log-collector user, which is installed by the package and won't have access to logs in /var/log.

this can be granted by adding the user to the adm group.

humio
sudo usermod -a -G adm humio-log-collector

Note

Running the Log Collector as the root user is not recommended.

Redhat

Run the following command to install Humio Log Collector

humio
$ rpm -i humio-log-collector.rpm
Granting Read Access to Logs On RHEL

To access log files in RedHat environments you need to have read rights on the system, you can use the following command to grant read access to all files.

humio
AmbientCapabilities=CAP_DAC_READ_SEARCH
Running the Log Collector Manually

You can run the Log Collector as a standalone process and ignore the service file etc.

humio
humio-log-collector -cfg config.yaml

The executable humio-log-collector is located in /usr/bin by default.

Configuring Startup on Boot

The package ships with a service file that can be enabled as a SystemD service to run at startup by running:

humio
sudo systemctl start humio-log-collector.service

And configured to start on boot using:

humio
sudo systemctl enable humio-log-collector.service
Binding to the Standard Syslog Port

Only root users can bind to port < 1024. To bind to a lower port number you can give special permissions to the humio-log-collector binary.

humio
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/humio-log-collector
sudo systemctl restart humio-log-collector
Next Steps

Once you have downloaded and installed Humio Log Collector you need to: