Adding a Centralized Logging Server

Download the Atakama Log Server binary:

On Linux, you will have to mark the file as executable: chmod +x atakama-logger. Note that the binary may be deployed somewhere in your $PATH, such as /usr/local/bin.

On Windows, as a prerequisite make sure you have installed the latest version of the Microsoft Visual C++ Redistributable. This is needed for the server to start and function correctly.

Run the Log Server:

  1. Generate a new private key for the server, and save it to the default config file:

    $ atakama-logger keygen --save
  2. Open this config file in a text editor. It’s located at “C:\Users\[username]\AppData\Roaming\Atakama\server.cfg” on Windows, and “~/.config/atakama/server.cfg” on Linux.

  3. Configure an output type. Here’s an example file:

        "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
        "output": {
            "json_file": "/tmp/atakama-events.log"

    This will write all events in JSON lines format to /tmp/atakama-events.log.

    Here’s an example for Logstash output, where <endpoint> is the endpoint you configured for your HTTP input plugin:

        "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
        "output": {
            "logstash_url": "https://<endpoint>"

    And finally, for an RFC 3164-compatible syslog server:

        "privkey_pem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
        "output": {
            "rfc3164_syslog_url": "<ip or hostname>[:port]"

    Note that if unspecified, the port will default to 514.

  4. Obtain your server’s ID, which will be used when connecting an Atakama instance to the server.

    $ atakama-logger get-id

    Save this value somewhere you will be able to reference it later.

  5. Start the server:

    $ atakama-logger start
    20201118-143434: INFO: __main__ - Loading config from '/home/user/.config/atakama/goblin/server.cfg'
    20201118-143434: CRITICAL: __main__ - This server's device id is: 46e9ceacc26ca48ef8ee90d21b24b2f4
    20201118-143434: INFO: __main__ - Starting server
    20201118-143434: INFO: loggoblin.goblin - workstation relay connect: wss://
    20201118-143435: INFO: loggoblin.goblin - Connected to relay server
    20201118-143435: INFO: loggoblin.goblin - Goblin startup complete

    To exit, just hit Ctrl-C and the server will shut down cleanly.

Connect end users to the Log Server:

For local testing, the Log Server ID can be configured from the Atakama Control Center:

In the dialog box, enter the server ID you generated during server setup.

For production deployments, the server ID can be configured via the usual enterprise configuration tool.

When this configuration is loaded onto end user machines, the machines will automatically send data to the Log Server.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.