Why aren't Heroku syslog drains logging to rsyslogd?

Question

I'm having a problem using syslog drains as described in https://devcenter.heroku.com/articles/logging.

To summarize, I have an Ubuntu 10.04 instance on EC2 that is running rsyslogd. I've also set up the security groups as they describe, and added a syslog drain using a command like heroku drains:add syslog://host1.example.com:514.

I can send messages from the Heroku console to my rsyslogd instance via nc. I see them appear in the log file, so I know there isn't a firewall/security group issue.  However, Heroku does not seem to be forwarding log messages to the server that heroku drains lists. I would expect to see HTTP requests, Rails messages, etc.

Is there something else I can try to do to figure this out? I'm new to rsyslogd, so I could easily be missing something.

Answer 1

I found out what I had done wrong, with the help of Heroku Support. (Thanks guys!)

I had used the wrong security group name (default instead of logplex). (Dynos run under default, so that's why nc worked.)

These are the appropriate values for the fields in the AWS Security Group web interface:

• Create a new rule: Custom TCP rule
• Port range: 514
• Source: 098166147350/logplex (NOTE: not default)

Answer 2

My two cents here:

Notice that adding the port number (514) at the end of the drain URL is important. I initially though that the 'syslog://' prefix should suffice, but apparently it doesn't.

Answer 3

Thanks for posting this. One thing got me though. I had to restart my app on heroku before it started writing to the new drains. (after I tried so many other things!)