Installation Steps #
- Download & install the LogScale package for LogConnector on Falcon LogScale
- Download the LogConnector tgz file
- Extract the LogConnector.tgz file
tar -xzf LogConnector.tgz
- Create license.json inside LogConnector/license/ and add your license
cd LogConnector/license/
nano license.json
Configuration Steps #
- Create server.conf inside LogConnector/system/local/
cd LogConnector/system/local
nano server.conf
- Configure server.conf as per your organization settings and using ingest token under [general] stanza. Example:
[general]
logscaleurl = https://cloud.community.humio.com
token = XxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxX
defaultrepo = main
Note #
Use Ingest API – HEC URL for logscaleurl
Organization Ingest Token is recommended for access of ingestion across all repositories of an organization, else a single repo can only be used for ingestion.
- To start logconnector and enable LogConnector Service. Need to run these commands as sudo. When started for the first time, it will prompt to create a user along with the password.
sudo ./bin/logconnector service start
- Download and extract your connector packages and move it to LogConnector/connectors/ and configure your desired connector.
Note #
Refer connector specific installation and configuration docs of your desired connectors.
Basic Commands #
- In LogConnector directory restart the logconnector service when reloading conf or connectors:
sudo ./bin/logconnector service restart
- You can view LogConnector logs in LogConnector/var/log/logconnector/ directory – logconnector.log file
- To stop the logconnector service:
sudo ./bin/logconnector service stop
- To disable the logconnector service, such that it doesn’t auto-run on boot-start:
sudo ./bin/logconnector service disable
Troubleshooting Steps #
- LogConnector logs are stored in LogConnector/var/log/logconnector/logconnector.log file. Check logs in this file for troubleshooting.
- If you are using Linux OS with SElinux or AppArmor enabled, install Logconnector in /opt dir.
Note #
This is mostly the case in RedHat based OS, where SElinux is enabled by default. Logconnector will fail to start when installed in any other dir, if SElinux is enabled. Need to disable SElinux if you want to install Logconnector in any other directory.