Send logs from Syslog to New Relic logs

A simple guide to send logs from Syslog to New Relic logs in just a few minutes.
type: tutorialdomain: sourcesdomain: sinkssource: syslogsink: new_relic_logs

Logs are an essential part of observing any service; without them you'll have significant blind spots. But collecting and analyzing them can be a real challenge -- especially at scale. Not only do you need to solve the basic task of collecting your logs, but you must do it in a reliable, performant, and robust manner. Nothing is more frustrating than having your logs pipeline fall on it's face during an outage, or even worse, cause the outage!

Fear not! In this guide we'll build an observability pipeline that will send logs from Syslog to New Relic logs.


What is Syslog?

Syslog stands for System Logging Protocol and is a standard protocol used to send system log or event messages to a specific server, called a syslog server. It is used to collect various device logs from different machines and send them to a central location for monitoring and review.

What is New Relic logs?

New Relic is a San Francisco, California-based technology company which develops cloud-based software to help website and application owners track the performances of their services.


How This Guide Works

We'll be using [Vector][urls.vector_website] to accomplish this task. Vector is a popular open-source observability data pipeline. It's written in Rust, making it lightweight, ultra-fast and highly reliable. And we'll be deploying Vector as a agent.

Vector daemon deployment strategyVector daemon deployment strategy
1. Your service logs to STDOUT
STDOUT follows the 12 factor principles.
2. STDOUT is captured
STDOUT is captured and sent to Syslog.
3. Vector collects & fans-out data
Vector will sends logs to [New Relic logs](

What We'll Accomplish

We'll build an observability data pipeline that:

  • Receives logs from Syslog.
    • Enriches data with useful Syslog context.
    • Supports TCP keepalive for efficient resource use and reliability.
    • Securely receives data via Transport Layer Security (TLS).
  • Sends logs to New Relic logs.
    • Buffers data in-memory or on-disk for performance and durability.
    • Compresses data to optimize bandwidth.
    • Automatically retries failed requests, with backoff.
    • Securely transmits data via Transport Layer Security (TLS).
    • Batches data to maximize throughput.

All in just a few minutes!


  1. Install Vector

    curl --proto '=https' --tlsv1.2 -sSf | sh
  2. Configure Vector

    cat <<-'VECTORCFG' > ./vector.toml
    type = "syslog"
    address = ""
    mode = "tcp"
    path = "/path/to/socket"
    type = "new_relic_logs"
    inputs = [ "syslog" ]
  3. Start Vector

    vector --config ./vector.toml
  4. Observe Vector

    vector top
    explain this command

Next Steps

Vector is powerful tool and we're just scratching the surface in this guide. Here are a few pages we recommend that demonstrate the power and flexibility of Vector:

Vector Github repo 4k
Vector is free and open-source!
Vector quickstart
Get setup in just a few minutes
Vector documentation
Everything you need to know about Vector