Configure Log Shippers

To have your server send data to a repository in Falcon LogScale, you will need a utility on your server that will read the server's data, package it and send it properly to Falcon LogScale. Software that performs this function is known as a log shipper. A log shipper will typically read entries made to logs, but it might listen on specific ports and record the traffic. It may also collect metrics by some other method.

We recommend using Falcon Log Collector as your log shipper, but it could also be an application specifically made for this purpose, or a utility that has multiple uses. You could even write a custom script that will achieve the same results. Whatever methods it uses, it'll then send the logs and metrics it collects to Falcon LogScale.

Falcon Log Collector

The Falcon Log Collector is an integrated and managed solution for shipping logs to Falcon LogScale. Using the Fleet Management you can manage thousands of log collectors across your infrastructure, share and organize multiple configurations and ensure that your instances are sending the right logs and data to your instance.

The Falcon Log Collector can also be managed manually. For a minimal configuration of the Falcon Log Collector, download the collector (see Install Falcon Log Collector), and then create a configuration file:

yaml
sources:
  apache_logs:
    type: file
    include: /var/log/apache/*.log
    sink: my_humio_instance

sinks:
  my_humio_instance:
    type: humio
    token: INGEST_TOKEN
    url: https://cloud.community.humio.com

To understand the configuration file, there are two key elements:

  • sources

    Sources define the locations where log files will be read and sent to Falcon LogScale.

  • sinks

    Sinks are the target destinations where data will be sent.

In the above example, Falcon Log Collector is configured to send all the log files from /var/log/apache to Falcon LogScale Cloud. The token should be an Ingest token for the repository where the data should be stored.

For more information on using the Falcon Log Collector, see Falcon Log Collector.

Other Log Shippers

As an alternative to the Falcon Log Collector, there are other methods available for getting data into Falcon LogScale that you might choose based on your needs. For more information on the log shippers and tools available, see Third-Party Log Shippers. You can also use the Application Programming Interfaces (APIs).