Configure Log Shippers

To have your server send data to a repository in LogScale, you will need a utility on your server that will read the server's data, package it and send it properly to LogScale. Software that performs this function is known as a log shipper. A log shipper will typically read entries made to logs, but it might listen on specific ports and record the traffic. It may also collect metrics by some other method.

We recommend using Falcon LogScale Collector as your log shipper, but it could also be an application specifically made for this purpose, or a utility that has multiple uses. You could even write a custom script that will achieve the same results. Whatever methods it uses, it'll then send the logs and metrics it collects to LogScale.

Falcon LogScale Collector

The Falcon LogScale Collector is an integrated and managed solution for shipping logs to LogScale. Using the Fleet Management you can manage thousands of log collectors across your infrastructure, share and organize multiple configurations and ensure that your instances are sending the right logs and data to your instance.

The Log Collector can also be managed manually. For a minimal configuration of the Log Collector, download the collector (see Installing the LogScale Collector), and then create a configuration file:

yaml
sources:
  apache_logs:
    type: file
    include: /var/log/apache/*.log
    sink: my_humio_instance

sinks:
  my_humio_instance:
    type: humio
    token: INGEST_TOKEN
    url: https://cloud.community.humio.com

To understand the configuration file, there are two key elements:

  • sources

    Sources define the locations where log files will be read and sent to LogScale.

  • sinks

    Sinks are the target destinations where data will be sent.

In the above example, Log Collector is configured to send all the log files from /var/log/apache to LogScale Cloud. The token should be an Ingest token for the repository where the data should be stored.

For more information on using the LogScale Collector, see Falcon LogScale Collector.

Other Log Shippers

As an alternative to the Log Collector, there are other methods available for getting data into LogScale that you might choose based on your needs. For more information on the log shippers and tools available, see Third-Party Log Shippers. You can also use the Application Programming Interfaces (APIs).