Configure Log Shippers

To have your server send data to a repository in Falcon LogScale, you will need a utility on your server that will read the server's data, package it and send it properly to Falcon LogScale. Software that performs this function is known as a log shipper. A log shipper will typically read entries made to logs, but it might listen on specific ports and record the traffic. It may also collect metrics by some other method.

We recommend using Falcon LogScale Collector as your log shipper, but it could also be an application specifically made for this purpose, or a utility that has multiple uses. You could even write a custom script that will achieve the same results. Whatever methods it uses, it will then send the logs and metrics it collects to Falcon LogScale.

Falcon LogScale Collector

The Falcon LogScale Collector is an integrated and managed solution for shipping logs to Falcon LogScale. Using the Fleet Management you can manage thousands of log collectors across your infrastructure, share and organize multiple configurations and ensure that your instances are sending the right logs and data to your instance.

The Falcon LogScale Collector can also be managed manually. For a minimal configuration of the Falcon LogScale Collector, download the collector (see Install Falcon LogScale Collector), and then create a configuration file:

yaml
sources:
  apache_logs:
    type: file
    include: /var/log/apache/*.log
    sink: my_humio_instance

sinks:
  my_humio_instance:
    type: humio
    token: INGEST_TOKEN
    url: https://cloud.community.humio.com

To understand the configuration file, there are two key elements:

  • sources

    Sources define the locations where log files will be read and sent to Falcon LogScale.

  • sinks

    Sinks are the target destinations where data will be sent.

In the above example, Falcon LogScale Collector is configured to send all the log files from /var/log/apache to Falcon LogScale Cloud. The token should be an Ingest token for the repository where the data should be stored.

For more information on using the Falcon LogScale Collector, see Falcon LogScale Collector.

Other Log Shippers

As an alternative to the Falcon LogScale Collector, there are other methods available for getting data into Falcon LogScale that you might choose based on your needs. For more information on the log shippers and tools available, see Third-Party Log Shippers. You can also use the Application Programming Interfaces (APIs).