Aller au contenu principal

Quickstart: Send your first logs

You just got access to CLM — let's get your first logs flowing in under 10 minutes.

By the end of this guide, you'll have a working collector sending real logs to CLM, and you'll know how to find them in the Log Explorer.

Prerequisites

  • You have received your CLM access URL from Centreon.
  • You have created your account on the Centreon user portal and can access your CLM instance.

Step 1: Generate an authentication token

The collector needs a token to authenticate with CLM.

  1. In CLM, go to Administration > Token management.
  2. Click Add.
  3. Enter a name (e.g., my-first-collector) and click Generate token.
  4. Copy the token now — it won't be displayed again.
astuce

Store the token in a password manager or a secure note. You'll need it in the next step.

Step 2: Install the OpenTelemetry Collector

Install the otelcol-contrib package on the host you want to collect logs from.

wget https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/v0.145.0/otelcol-contrib_0.145.0_linux_amd64.rpm
sudo rpm -ivh otelcol-contrib_0.145.0_linux_amd64.rpm

Step 3: Configure the collector

Edit /etc/otelcol-contrib/config.yaml (as root):

exporters:
  otlphttp/centreon:
    endpoint: "https://api.euwest1.obs.mycentreon.com/v1/ingress/otlp/v1/logs"
    headers:
      "X-Api-Key": "<YOUR_TOKEN>"

processors:
  batch:
  resourcedetection:
    detectors: ["system"]
    system:
      resource_attributes:
        host.name:
          enabled: true
        os.name:
          enabled: true
        os.type:
          enabled: true
        os.version:
          enabled: true

receivers:
  filelog/syslog:
    include:
      - /var/log/syslog
      - /var/log/messages
    resource:
      service.name: syslog

service:
  pipelines:
    logs:
      receivers: [filelog/syslog]
      processors: [resourcedetection, batch]
      exporters: [otlphttp/centreon]

Replace <YOUR_TOKEN> with the token you generated in Step 1.

attention

YAML indentation matters — use exactly 2 spaces per level, no tabs.

Step 4: Start the collector

sudo systemctl restart otelcol-contrib.service
sudo systemctl status otelcol-contrib.service

Step 5: See your logs in CLM

  1. Open CLM and go to the Log explorer page.
  2. Your logs should appear within a few seconds.
  3. Try a simple query to filter them:
service_name:syslog
astuce

If no logs appear after 30 seconds, check the Troubleshooting section below.

Step 6: Create your first alert

Now that logs are flowing, set up a basic alert to get notified when errors occur.

  1. Go to Alerts & notifications > Alert rules.
  2. Click Add.
  3. Configure it:
    • Name: High severity logs
    • Alert type: Count
    • Query: severity_number:[17 TO *] (this catches ERROR and FATAL logs)
    • Frequency: Every 5 minutes
    • Condition: If > 10, then CRITICAL
  4. Click Save.

CLM will now generate alert events whenever more than 10 error-level logs appear in a 5-minute window.

Something not working?

SymptomWhat to check
No logs in CLMIs the collector running? Check with systemctl status otelcol-contrib.service (Linux) or sc query otelcol-contrib (Windows).
Collector won't startCheck the logs: journalctl -u otelcol-contrib.service -n 50 (Linux). Usually a YAML indentation or syntax issue.
"401 Unauthorized" in collector logsYour token is invalid or expired. Generate a new one in Administration > Token management.
"413 Request Entity Too Large"Log batches exceed 5 MiB. Add a sending_queue config to reduce batch size.
Logs appear but can't be queriedCheck that you're looking at the right time period (top right corner of Log Explorer).
Permission denied on log filesThe otelcol-contrib user needs read access: sudo usermod -aG adm otelcol-contrib then restart.

What's next?