Configure Trunc Logging Platform

Trunc is a logging platform that allows you to consolidate all your logs into one location. To use it, you have to configure your system / applications to push logs to the platform. This guide will show you how to do that.

There are a number of different ways to push logs to Trunc. Here, we will provide you guidance using four unique methods:

Trunc Agent
Syslog
Rsyslog
Syslogd

Option1: Trunc Agent

We built a light-weight agent that will collect and push all your logs to the Trunc platform. To get started, download the open source Trunc logging tool, supported on Linux (all distros), MacOS, OpenBSD and FreeBSD. It encrypts your logs using the key provided using AES 128.


						$ wget https://trunc.org/downloads/trunc-logging-agent-0.5.tgz

						$ tar -zxvf trunc-logging-agent-0.5.tgz

						$ cd trunc-logging-agent 

						$ sudo ./install.sh [ip] [port] [key]

When you have an account with Trunc, you will be issued the appropriate [IP], [port], and [key] to use with the agent. This will be provided on the Account Settings page.

It will compile and start the logging agent for you.

Add Files to Trunc Agent

The agent will attempt to locate log files, but if you need to explicitly add log files to the agent do so by stopping the agent, and updating the Trunc configuration file.

location

/etc/trunc-logging-agent.conf

Option2: Syslog

Alternatively, you have the option to use the SYSLOG protocol to push your logs to Trunc. When doing so, you must remember to whitelist the IP of the server sending the logs so that we know where the logs are coming from. You can do this in your dashboard via the Account Settings page.

Read more about different Syslog Daemons.

Rsyslog

Rsyslog is the default syslog process for most Linux distributions (Ubuntu, Debian, and many others). The file is usually located here:

location

/etc/rsyslog.conf

Modify this configuration file to include the following:


						 *.*        @[ip]:[port]

Where [ip] and [port] are replaced with the values from your Account Settings page.

Syslogd

If your server is using syslogd, update the configuration file located here:

location

/etc/syslog.conf

Modify this configuration file to include the following:


						 *.*        @[ip]:[port]

Where [ip] and [port] are replaced with the values from your Account Settings page.

NGINX

NGINX supports SYSLOG and can be initialized in the NGINX configuration file.

location

/etc/nginx/nginx.conf


						error_log syslog:server=[IP]:[PORT] debug;

						access_log syslog:server=[IP]:[PORT],facility=local7,tag=nginx,severity=info;

Learn more about NGINX and SYSLOG and NGINX Logs.

Posted in trunc by trunc_team

Logging Guides

We love logs. In this section we will share some articles from our team to help you get better at logging.

Trunc Logging

Logging for fun and a good night of sleep.

* Real time search
* Google simple
* Cheap
* Just works
* PCI compliance

Latest articles

Latest articles from our learning center.

2024-03-26
Log Management: Introducing Active Response, Putting Logs to Work

2024-03-19
Log Management: Understanding its Importance and Functionality

2024-03-07
5 Ways Log Management and SIEM Technologies Strengthen Security Governance

2023-01-25
5 Reasons to Monitor Web Server Logs

2023-01-25
Logging basics: What is syslog

2022-10-27
Log Managment and Security

Contact us!

Do you have an idea for an article that is not here? See something wrong? Contact us at support@noc.org

Tired of price gouging

Clear pricing. No need to guess. Real people. Real logging.