According to MongoDB documentation, if you want to write MongoDB logs to the local syslog daemon, you can update the mongod.conf file with below systemLog.destination configuration.

$ sudo vi /etc/mongod.conf
systemLog:
    destination: syslog
$ mongod --config /etc/mongod.conf
$ mongos --config /etc/mongos.conf

But this approach has two issues:

  • The syslog daemon generates timestamps when it logs a message, not when MongoDB issues the message. This can cause misleading timestamps in syslogs, especially when the system is under heavy load. MongoDB recommend using the file option for production systems to ensure accurate timestamps.
  • This approach cannot send log events to a remote/local syslog server. (**MongoDB does not officially support log-forwarding**)

Workaround: Read MongoDB log file and forward via rsyslog to remote/local server

01) Keep MongoDB systemLog config as it is (writing to file configuration).

systemLog:
    destination: file
    path: "/var/log/mongodb/mongod.log"
    logAppend: true

02) Find rsyslog configuration file inside /etc/ directory.

$ sudo vi /etc/rsyslog.conf

03) Add below lines to the end of rsyslog.conf file. Feel free to change IP, port, and other parameters as per your requirements.

$ModLoad imfile
$InputFileName "/var/log/mongodb/mongod.log"
$InputFileTag mongodb
$InputFileStateFile mongodb-state
$InputFileFacility local3
$InputRunFileMonitor
local3.* action(type="omfwd" target="192.168.1.165" port="11514" protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000")

✅ Tested OS's : RHEL 7+, CentOS 7+, Ubuntu 18.04+, Debian 8+
✅ Tested Gear : Cloud (AWS EC2), On-Prem (Bare Metal)

Leave a comment