The Rsyslog log processor is very popular and ships with most popular Linux distributions, including Ubuntu and CentOS. Rsyslog provides a long list of plugins, most importantly the Elasticsearch output plugin, which is supported by Humio.
Self-hosted users will have to enable the Elasticsearch bulk endpoint on port 9200. See ELASTIC_PORT.
We recommend some minimal configuration for forwarding all logs to Humio. You’ll need to create a file named ``/etc/rsyslog.d/33-humio.conf`` with the following contents.
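One configuration that fits this description, as an added example rather than Humio's published file. The template name, the JSON field names, the retry and queue settings, and passing the ingest token as the HTTP basic-auth password (with a filler uid) are assumptions.

```conf
# /etc/rsyslog.d/33-humio.conf
# Added example. $YOUR_HUMIO_URL and $INGEST_TOKEN are placeholders:
# replace both with real values before loading this file.

# Elasticsearch output plugin (package rsyslog-elasticsearch)
module(load="omelasticsearch")

# Assumed template name and field names. option.json="on" JSON-escapes
# every property value, so quotes in a log message cannot break the document.
template(name="humiotemplate" type="list" option.json="on") {
  constant(value="{")
  constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
  constant(value="\",\"message\":\"")  property(name="msg")
  constant(value="\",\"host\":\"")     property(name="hostname")
  constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
  constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
  constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
  constant(value="\",\"name\":\"")     property(name="programname")
  constant(value="\",\"pid\":\"")      property(name="procid")
  constant(value="\"}")
}

# Forward all facilities and severities.
*.* action(type="omelasticsearch"
           server="$YOUR_HUMIO_URL"        # e.g. https://cloud.humio.com:443/
           template="humiotemplate"
           uid="anything"                  # assumed: user name is a filler value
           pwd="$INGEST_TOKEN"             # assumed: token sent as basic-auth password
           bulkmode="on"                   # use the bulk endpoint
           usehttps="on"                   # required for Humio Cloud / HTTPS proxy
           # Assumed additions: buffer in memory and retry indefinitely so a
           # Humio outage does not block local logging.
           queue.type="linkedlist"
           queue.size="10000"
           action.resumeRetryCount="-1")
```

Because the file contains the ingest token, keep it readable by root only (for example mode 0600), and check the syntax with ``rsyslogd -N1`` before restarting the service.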
Please ensure the ``$YOUR_HUMIO_URL`` for on-prem is the URL of your Humio instance; for Humio Cloud it should be either https://cloud.humio.com for EU Cloud or https://cloud.us.humio.com for US Cloud. For example, if you are sending data to Humio EU Cloud, your server URL should look like this: https://cloud.humio.com:443/.
``$INGEST_TOKEN`` in this example should be the ingest token for your repository. The ``bulkmode`` and ``usehttps`` have to be set to ``on`` for Humio Cloud and for self-hosted installations in which Humio is behind an HTTPS proxy.
rsyslog from the command-line like so:
systemctl status rsyslog.service) to see if the Elasticsearch module failed to load. In most cases this can be corrected by installing the module using ``apt-get install rsyslog-elasticsearch`` on Ubuntu or ``yum install rsyslog-elasticsearch`` on CentOS/RHEL.