Syslog Messages

Learn how to forward syslog messages to Sentry via the OpenTelemetry Protocol (OTLP).

This guide shows you how to collect syslog messages and forward them to Sentry using the OpenTelemetry Collector with the Syslog Receiver.

Before you begin, ensure you have:

  • Network access to receive syslog messages (TCP or UDP)
  • A Sentry project to send data to

The Syslog Receiver is included in the OpenTelemetry Collector Contrib distribution. You'll need to download and install this version, as the standard otelcol binary does not include the Syslog Receiver.

Download the latest otelcol-contrib binary from the OpenTelemetry Collector releases page.

You'll need your Sentry OTLP endpoint and authentication header. These can be found in your Sentry Project Settings under Client Keys (DSN) > OpenTelemetry (OTLP).

___OTLP_LOGS_URL___

x-sentry-auth: sentry sentry_key=___PUBLIC_KEY___

Create a configuration file with the Syslog Receiver and the OTLP HTTP exporter configured to send logs to Sentry.

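For additional configuration options like TLS, async processing, or custom attributes, see the Syslog Receiver Documentation. The examples below accept plaintext syslog on every interface (0.0.0.0) and do not authenticate senders, so restrict the port to trusted sources or enable TLS on the TCP listener when traffic crosses an untrusted network. Port 514 is below 1024, so the collector also needs elevated privileges to bind it on most systems.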

This configuration receives syslog messages over TCP using the RFC 5424 format:

config.yaml
receivers:
  syslog:
    tcp:
      listen_address: "0.0.0.0:514"
    protocol: rfc5424

processors:
  batch:
    send_batch_size: 1024
    send_batch_max_size: 2048
    timeout: "1s"

exporters:
  otlphttp/sentry:
    logs_endpoint: ___OTLP_LOGS_URL___
    headers:
      x-sentry-auth: "sentry sentry_key=___PUBLIC_KEY___"
    compression: gzip
    encoding: proto

service:
  pipelines:
    logs:
      receivers:
        - syslog
      processors:
        - batch
      exporters:
        - otlphttp/sentry

This configuration receives syslog messages over UDP using the older RFC 3164 (BSD syslog) format:

config.yaml
receivers:
  syslog:
    udp:
      listen_address: "0.0.0.0:514"
    protocol: rfc3164
    location: UTC

processors:
  batch:
    send_batch_size: 1024
    send_batch_max_size: 2048
    timeout: "1s"

exporters:
  otlphttp/sentry:
    logs_endpoint: ___OTLP_LOGS_URL___
    headers:
      x-sentry-auth: "sentry sentry_key=___PUBLIC_KEY___"
    compression: gzip
    encoding: proto

service:
  pipelines:
    logs:
      receivers:
        - syslog
      processors:
        - batch
      exporters:
        - otlphttp/sentry

After setting up the collector, configure your systems to send syslog messages to it.

Add the following to /etc/rsyslog.conf or create a file in /etc/rsyslog.d/:

/etc/rsyslog.d/50-otel.conf
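# Use one of the two rules below, matching the collector's receiver.

# For TCP (RFC 5424): @@ selects TCP; the template makes rsyslog emit
# RFC 5424 instead of its default traditional (RFC 3164-style) format.
*.* @@otel-collector-host:514;RSYSLOG_SyslogProtocol23Format

# For UDP (RFC 3164): @ selects UDP; the default forward format is used.
*.* @otel-collector-host:514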

Then restart rsyslog:

sudo systemctl restart rsyslog

Add to your syslog-ng configuration:

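destination d_otel {
    # network() sends RFC 3164 (BSD) format by default; flags(syslog-protocol)
    # switches to RFC 5424 to match the TCP receiver configuration above.
    network("otel-collector-host" port(514) transport("tcp") flags(syslog-protocol));
};

log {
    source(s_sys);  # replace with a source defined in your configuration
    destination(d_otel);
};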

If logs do not arrive, check the following:

  • Verify the syslog source is sending to the correct host and port
  • Ensure firewall rules allow inbound traffic on the configured port
  • Confirm the protocol setting matches your syslog source (RFC 3164 vs RFC 5424)
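
An added example (not part of this documentation's own code or of the OpenTelemetry project) for the protocol-mismatch check above: `classify` reports whether a captured syslog line is RFC 3164 or RFC 5424, and `send` emits a test message in either format to the collector. The function names, the hostname `testhost` and the app name `otel-check` are assumptions chosen for illustration.

```python
import re
import socket
from datetime import datetime, timezone

# RFC 5424 starts "<PRI>1 ISO-8601-timestamp"; RFC 3164 starts "<PRI>Mmm dd hh:mm:ss".
RFC5424 = re.compile(r"^<(\d{1,3})>1 (?:\d{4}-\d{2}-\d{2}T\S+|-) \S+ \S+ \S+ \S+ ")
RFC3164 = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")


def classify(line):
    """Return 'rfc5424', 'rfc3164' or 'unknown' for one captured syslog line."""
    for name, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = pattern.match(line)
        # PRI = facility * 8 + severity, so the largest valid value is 23*8+7 = 191.
        if m and int(m.group(1)) <= 191:
            return name
    return "unknown"


def build(protocol, msg, host="testhost", app="otel-check", now=None):
    """Build a test message (facility user, severity info); `now` must be UTC."""
    now = now or datetime.now(timezone.utc)
    pri = 1 * 8 + 6
    if protocol == "rfc5424":
        ts = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
        return f"<{pri}>1 {ts} {host} {app} - - - {msg}"
    if protocol == "rfc3164":
        ts = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # day of month is space-padded
        return f"<{pri}>{ts} {host} {app}: {msg}"
    raise ValueError(f"unsupported protocol: {protocol}")


def send(protocol, msg, addr, transport="tcp"):
    """Send one newline-terminated test message to the collector at (host, port)."""
    data = (build(protocol, msg) + "\n").encode()
    if transport == "tcp":
        with socket.create_connection(addr, timeout=5) as s:
            s.sendall(data)
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, addr)


if __name__ == "__main__":
    # Constructed sample lines, as they might appear in a packet capture.
    for sample in ("<14>1 2024-01-02T03:04:05Z web1 sshd 123 - - session opened",
                   "<14>Jan  2 03:04:05 web1 sshd[123]: session opened"):
        print(classify(sample), "<-", sample)
```

If a line captured from your syslog source classifies differently from the receiver's `protocol` setting, change one side so the two agree.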
