I have plans to pull in logs from our remote servers but struggle with integrating the syslog plugin. My first remote machine is Debian Jessie, and I have installed telegraf 1.7 to send data to my homebrew test influxdb.
I see my homebrew system and at least my remote system metrics so that implies that on my remote system /etc/telegraf.conf has its [[outputs.influxdb]] set correctly.
I have followed the readme in telegraf/plugins/inputs/syslog at master · influxdata/telegraf · GitHub
I would like to use UDP to send logs directly from rsyslog but I just want to get it to work. Lots of config files in play here.
I have opened ports 8086 and 6514 between my remote machine and my homebrew influxdb.
Using the Readme instructions I placed this into /etc/rsyslog.d/50-telegraf.conf
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
# forward over tcp with octet framing according to RFC 5425
*.* @@(o)127.0.0.1:6514;RSYSLOG_SyslogProtocol23Format
The last line has alternated from localhost to my homebrew influx server. No difference.
I’ve seen this post where everything is on localhost but abandoned it since I’m wanting to collect logs from a remote machine.
Added /etc/telegraf/telegraf.d/inputs-syslog-plugin.conf
In [[inputs.syslog]] I have alternated between
server = "tcp://:6514"
and
server = "tcp://myhomebrewserver:6514"
Nothing.
So on the remote box I ran
telegraf --config /etc/telegraf/telegraf.d/inputs-syslog-plugin.conf
E! Error: no outputs found, did you provide a valid config file?
OK, in this file I added:
[[outputs.syslog]]
url = "http://myhomebrewserver:8086"
database = "telegraf"
username = "myusername"
password = "mypwd"
Which failed as expected.
Reading this forum it seems that telegraf isn’t set up to push data directly remotely, at least in the master branch.
How is this done? What am I missing?
sam
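The rsyslog line quoted in the post forwards over TCP with octet framing, so whatever listens on port 6514 has to read length-prefixed messages. As an added example (not part of the original post or the Telegraf README), this Python sketch implements that framing and checks it against a throwaway local listener; the sample messages and all function names are constructed for illustration.

```python
import socket
import threading

# Constructed RFC 5424 sample messages (not taken from the post).
SAMPLES = [
    b"<13>1 2018-07-01T12:00:00Z remotehost app 1234 - - test message",
    b"<14>1 2018-07-01T12:00:01Z remotehost app 1234 - - line one\nline two",
]

def frame(msg: bytes) -> bytes:
    """Octet counting: decimal byte length, one space, then the message."""
    return str(len(msg)).encode("ascii") + b" " + msg

def deframe(buf: bytes):
    """Return (complete messages, unconsumed tail) from a received stream."""
    msgs = []
    while (sp := buf.find(b" ")) != -1:
        if not buf[:sp].isdigit():
            raise ValueError("stream is not octet-counted")
        end = sp + 1 + int(buf[:sp])
        if len(buf) < end:
            break  # wait for the rest of this frame
        msgs.append(buf[sp + 1:end])
        buf = buf[end:]
    return msgs, buf

def send_framed(host: str, port: int, messages) -> None:
    """Send framed messages to any TCP listener (hypothetical helper)."""
    with socket.create_connection((host, port), timeout=5) as conn:
        conn.sendall(b"".join(frame(m) for m in messages))

def loopback_check(messages, host="127.0.0.1"):
    """Run a throwaway local listener and return what it decoded."""
    srv = socket.create_server((host, 0))  # port 0: OS picks a free port
    received = []

    def serve():
        conn, _ = srv.accept()
        with conn:
            buf = b""
            while chunk := conn.recv(4096):
                msgs, buf = deframe(buf + chunk)
                received.extend(msgs)

    worker = threading.Thread(target=serve)
    worker.start()
    send_framed(host, srv.getsockname()[1], messages)
    worker.join(timeout=5)
    srv.close()
    return received
```

The second sample contains an embedded newline and still arrives as one message, which is what the length prefix buys over newline-delimited forwarding. `send_framed` can be pointed at a real listener's host and port to see whether framed messages reach it through the firewall.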