How to visualize Syslog in Grafana with Loki and Syslog-NG

Learn how to visualize Cisco Syslog

Syslog-NG

I install Syslog-NG and edit the config to include my Cisco Router 192.168.122.205.

# https://wiki.ubuntuusers.de/Archiv/syslog-ng/
sudo apt-get install syslog-ng
code /etc/syslog-ng/syslog-ng.conf   # open the config in the editor (VS Code here)
sudo /etc/init.d/syslog-ng restart
syslog-ng --syntax-only   # for testing the syslog config

/etc/syslog-ng/syslog-ng.conf

source s_udp {
    udp(port(514));
};
destination d_router {
    file("/var/log/router.log");
};
filter f_router {
    host("192.168.122.205");
};
log {
    source(s_udp);
    filter(f_router);
    destination(d_router);
};

I configure my router to send syslog traffic to Syslog-NG.

logging host 192.168.122.24

Loki

I install Loki and the promtail agent on the same server.

# https://grafana.com/docs/loki/latest/setup/install/docker/
mkdir loki 
cd loki

wget https://raw.githubusercontent.com/grafana/loki/v3.0.0/cmd/loki/loki-local-config.yaml -O loki-config.yaml
wget https://raw.githubusercontent.com/grafana/loki/v3.0.0/clients/cmd/promtail/promtail-docker-config.yaml -O promtail-config.yaml

docker run --name loki -d -v $(pwd):/mnt/config -p 3100:3100 grafana/loki:3.0.0 -config.file=/mnt/config/loki-config.yaml
docker run --name promtail -d -v $(pwd):/mnt/config -v /var/log:/var/log --link loki grafana/promtail:3.0.0 -config.file=/mnt/config/promtail-config.yaml

Grafana

I create a new Data Source and select my Loki Server.

I add a new visualization and choose the path of my Syslog-NG logfile and that's it!
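
To filter the router log by severity in Grafana rather than only by file path, promtail can extract the Cisco %FACILITY-SEVERITY-MNEMONIC tag into labels. The following promtail-config.yaml is an added example, not part of the original setup; the job name router, the label names, and the server, positions and clients values (assumed to match the downloaded promtail-docker-config.yaml) are assumptions.

```yaml
# Added example: replacement promtail-config.yaml for the setup above.
server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /tmp/positions.yaml

clients:
  # "loki" resolves inside the promtail container because of --link loki
  - url: http://loki:3100/loki/api/v1/push

scrape_configs:
  - job_name: router                        # assumed job name
    static_configs:
      - targets: [localhost]
        labels:
          job: router
          __path__: /var/log/router.log     # file written by destination d_router
    pipeline_stages:
      # Cisco IOS messages carry a %FACILITY-SEVERITY-MNEMONIC: tag, e.g.
      # (constructed) "%LINK-3-UPDOWN: Interface Gi0/1, changed state to down"
      - regex:
          expression: '%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):'
      # Promote only low-cardinality fields to labels. Lines without the
      # tag are still shipped, just without these two labels.
      - labels:
          facility:
          severity:

# LogQL queries for Grafana (Explore or a panel):
#   severity 0-3 (emergency through error) from the router:
#     {job="router", severity=~"[0-3]"}
#   configuration changes, matched with a line filter instead of a label:
#     {job="router"} |= "%SYS-5-CONFIG_I"
```

After replacing the file, restart the promtail container so the new scrape job and pipeline take effect.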