Integration with Linux
This guide explains how to integrate Linux systems with OpenObserve to collect and analyze system logs and performance metrics.
Overview
Linux systems generate two primary types of monitoring data: system logs and performance metrics. Collecting and analyzing these data is essential for maintaining system health, performance, and security.
Installation Options
OpenObserve provides two approaches to monitor Linux systems:
- OpenObserve Collector: A simple, one-command installation recommended for most users.
- OpenTelemetry Collector: A flexible option for advanced or customized environments.
Steps to integrate
Prerequisites
- A Linux machine such as Ubuntu, Debian, CentOS, or RHEL
- Root or sudo access to install and configure services
- Access to an OpenObserve instance, either cloud or self-hosted
Steps (OpenObserve Collector)
- Log in to your OpenObserve instance.
- Navigate to Data Sources > Recommended > Linux.
- Copy the provided installation command. The command includes your endpoint and API key.
- Run the command in your terminal:
curl -O https://raw.githubusercontent.com/openobserve/agents/main/linux/install.sh && chmod +x install.sh && sudo ./install.sh https://your-openobserve-instance.com/api/default/ YOUR_API_KEY
What the OpenObserve Collector Does:
- Installs as a systemd service
- Collects system logs from journald or syslog
- Collects host metrics including CPU, memory, disk, network, and process-level usage
- Forwards all collected data to OpenObserve
Steps (OpenTelemetry Collector)
- Set Up the OpenTelemetry Collector: Check for the latest version of the OpenTelemetry Collector on the official releases page.
- Configure the OpenTelemetry Collector: Create a file named config.yaml in the /opt/otel-collector directory with the following content:
  Replace https://your-openobserve-instance.com/api/default with your OpenObserve endpoint and YOUR_API_KEY with your actual API key.
- Run the Collector
Advanced Configuration Options
Here are some essential configurations to enhance your Linux monitoring:
Security-Focused Monitoring
For enhanced security monitoring:
This configuration focuses on authentication logs to help detect unauthorized access attempts and potential security breaches.
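An added example of an authentication-log pipeline for the OpenTelemetry Collector (contrib distribution); it is not the configuration from the original page. The log paths are the usual distribution defaults, and the `linux_auth` stream name, the `OPENOBSERVE_AUTH` environment variable and the `Basic` header format are assumptions.

```yaml
# Added example: ship only authentication logs to OpenObserve.
receivers:
  filelog/auth:
    include:
      - /var/log/auth.log   # Debian/Ubuntu default path
      - /var/log/secure     # RHEL/CentOS default path
    start_at: end           # tail new entries; do not replay old history
    include_file_path: true # record which file each entry came from

processors:
  memory_limiter:           # keeps a log burst from exhausting host memory
    check_interval: 1s
    limit_mib: 256
  resourcedetection:
    detectors: [system]     # adds host.name so events map back to a machine
  batch:
    timeout: 5s
    send_batch_size: 1000

exporters:
  otlphttp/openobserve:
    endpoint: https://your-openobserve-instance.com/api/default
    headers:
      # Assumed header format. The variable holds the page's YOUR_API_KEY
      # value and is read from the service environment at start-up, so the
      # credential is not stored in config.yaml itself.
      Authorization: "Basic ${env:OPENOBSERVE_AUTH}"
      stream-name: linux_auth   # hypothetical stream name

service:
  pipelines:
    logs/auth:
      receivers: [filelog/auth]
      processors: [memory_limiter, resourcedetection, batch]
      exporters: [otlphttp/openobserve]
```

Authentication logs are usually readable only by root or a dedicated log group, so grant the collector's service account read access to these two files rather than running the collector as root.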
Using Journald Receiver
If you prefer to collect logs directly from journald instead of log files:
The journald receiver requires systemd and only works on Linux systems using systemd as their init system.
Troubleshooting
OpenObserve Collector Installation Issues
- Permission Denied: Run the installation command with sudo.
- Service Not Starting: Check status with sudo systemctl status openobserve-agent and look for error messages.
- Network Issues: Verify connectivity with curl -v https://your-openobserve-instance.com.
Log Collection Issues
- Missing Logs: Check file permissions and ensure the OpenObserve Collector has read access to log files.
- Journald Access: For systemd-based systems, ensure the OpenObserve Collector has proper journal access.
- Log Format Problems: If logs appear malformed, check timezone settings and log formats.
Metrics Collection Issues
- Missing Metrics: Verify the OpenObserve Collector has permissions to access system metrics.
- Performance Impact: If the OpenObserve Collector uses too many resources, adjust collection intervals.
OpenTelemetry Collector Issues
- Configuration Errors: Validate your config.yaml syntax and check OpenTelemetry Collector logs.
- Export Failures: Verify your endpoint URL and API key are correct.
- Resource Constraints: Adjust batch settings if the OpenTelemetry Collector terminates unexpectedly.