Trunc is a logging platform that allows you to consolidate all your logs into one location. To use it, you have to configure your system / applications to push logs to the platform. This guide will show you how to do that.
There are a number of different ways to push logs to Trunc. Here, we will provide you guidance using four unique methods:
We built a light-weight agent that will collect and push all your logs to the Trunc platform. To get started, download the open source Trunc logging tool, supported on Linux (all distros), MacOS, OpenBSD and FreeBSD. It encrypts your logs using the key provided using AES 128.
$ wget https://trunc.org/downloads/trunc-logging-agent-0.5.tgz
$ tar -zxvf trunc-logging-agent-0.5.tgz
$ cd trunc-logging-agent
$ sudo ./install.sh [ip] [port] [key]
When you have an account with Trunc, you will be issued the appropriate [IP], [port], and [key] to use with the agent. This will be provided on the Account Settings page.
It will compile and start the logging agent for you.
The agent will attempt to locate log files, but if you need to explicitly add log files to the agent do so by stopping the agent, and updating the Trunc configuration file.
location | /etc/trunc-logging-agent.conf |
Alternatively, you have the option to use the SYSLOG protocol to push your logs to Trunc. When doing so, you must remember to whitelist the IP of the server sending the logs so that we know where the logs are coming from. You can do this in your dashboard via the Account Settings page.
Read more about different Syslog Daemons.
Rsyslog is the default syslog process for most Linux distributions (Ubuntu, Debian, and many others). The file is usually located here:
location | /etc/rsyslog.conf |
Modify this configuration file to include the following:
*.* @[ip]:[port]
Where [ip] and [port] are replaced with the values from your Account Settings page.
If your server is using syslogd, update the configuration file located here:
location | /etc/syslog.conf |
Modify this configuration file to include the following:
*.* @[ip]:[port]
Where [ip] and [port] are replaced with the values from your Account Settings page.
NGINX supports SYSLOG and can be initialized in the NGINX configuration file.
location | /etc/nginx/nginx.conf |
error_log syslog:server=[IP]:[PORT] debug;
access_log syslog:server=[IP]:[PORT],facility=local7,tag=nginx,severity=info;