Exporting Logs to Loggly
Exporting Logs to Loggly
In this post we’ll explore logging on Ubuntu Core and specifically how you can pipe your logs to Loggly (a cloud logging service).
Logging in general is a hotly debated topic. There are people who advocate “LOG EVERYTHING”. Other’s will decry the evils of log spam. While others still will try to walk a middle ground, “Log what you can, but only what you need.” Logging in the IoT space is even hard because in many cases your resource constraints are actually what drives your logging decisions.
With all that said, we won’t try to dive head first into that debate. Instead we will attempt to carve out a solution for a very narrowly defined problem. Specifically, we’ll go over how you can get your logs from your Ubuntu Core device into Loggly.
If you’re not familiar with Loggly, you might want to check out their about page. The quick summary is
Loggly is a SaaS solution for log data management. Wi>th Loggly’s log management software, you’re able to bring logs from the depths of your entire infrastructure to one place where you can track activity and analyze trends.
So in other words Loggly is a very powerful tool to search and analysis log data from any number of sources.
Shipping Logs on a classic Linux system
If you do a quick search for shipping logs to loggly on Linux, you might end up here: https://www.loggly.com/docs/rsyslog-tls-configuration/. If you tried to follow these directions for Ubuntu Core you’d run into a few road blocks, but we will use this tutorial as a jumping off point. This article explains a fairly simple setup with three major components: journald, rsyslog, and Loggly. In this scenario, journald and rsyslog are both installed on the system where you are collecting logs. Journald collects logs from various places on the system and rsyslog pulls those logs from journald and forwards them to Loggly. Pretty simple right?
Will it work on Ubuntu Core?
Journald is installed on Ubuntu Core by default, so this requirement for us is already met. However rsyslog is bit more tricky. On Ubuntu Core 16 rsyslog is installed and enabled by default, but on Ubuntu Core 18 it’s not installed at all. In this point we will be focusing on Ubuntu Core 18, because 1) it’s the latest version of Ubuntu Core and 2) this solution will work for both versions 16 and 18.
Step 1: Create an account on Loggly
Loggly offers a basic subscription tier that is free and you can sign up without a credit care.
- Go to https://www.loggly.com/ and click “Free Trial”
- Fill out the form with your name, email and country. Click create account and fill the rest of your account details.
- Click “Go to Account” and login with the email/password you just created.
- You should be taken to “Source Setup”, If not click “Source Setup” on the top menu bar
- Then click “Customer Tokens” on the secondary menu bar (again at the top of the page)
- You should see a section called “Active” and there should be a pregenerated token there already. Copy that token for the use in the next step.
Step 2: Install and Configure the Loggly Shipper snap
Now log into the Ubuntu Core Device where you want to ship logs. Install the loggly shipper snap:
snap install loggly-shipper --edge (note, you may need to use sudo, if you’re not logged into the snap store already.). Then grant the snap permissions to read the logs: snap connection loggly-shipper:log-observe
Next, you need to configure the snap to use the customer token you copied in step 1. snap set loggly-shipper customer-token=your-token-here (make sure to replace ‘your-token-here’ with your actual token). Finally, restart the snap so it picks up the latest configuration. snap restart loggly-shipper
Step 3: Verify logs are flowing
If all went smoothly your logs should already be appearing in Loggly. Go back to Loggly in your browser. This time click on “🔍 Search” in the top menu bar. You should see a graph similar to the screenshot below.
Putting it all together
Latest Posts
Building an Appliance Images
12 Dec 2020
A First Look at Ubuntu Appliance Portfolio
18 Oct 2020