CoreOS on Google Compute Engine: push systemd journal logs to logentries.com https://medium.com/coreos-linux-for-massive-server-deployments/defb984185c5

cloud-config.yaml

#cloud-config

write_files:
  - path: /home/core/journal2logentries.sh
    permissions: '0744'
    owner: root:root
    content: |
      #!/usr/bin/env bash
      # CoreOS on Google Compute Engine: push systemd journal logs to logentries.com
      # get your private token from logentries.com, see https://logentries.com/doc/input-token

      # token in custom metadata?
      token=$(curl --fail -s "http://metadata/computeMetadata/v1/instance/attributes/logentries-token" -H "X-Google-Metadata-Request: True")  
      if [[ ! $token ]]; then
        # token in common metadata?
        token=$(curl --fail -s "http://metadata/computeMetadata/v1/project/attributes/logentries-token" -H "X-Google-Metadata-Request: True")
      fi
      if [[ ! $token ]]; then
        # we have a problem!
        exit 10
      fi
      journalctl -o short -f | awk -v token=$token '{ print token, $0; fflush(); }' | ncat --ssl --ssl-verify data.logentries.com 20000

      # should you have problems verifying SSL certificates, here are all certificates from logentries.com
      # https://logentries.com/doc/certificates
      # no ssl required?
      # journalctl -o short -f | awk -v token=$token '{ print token, $0; fflush(); }' | ncat data.logentries.com 10000


coreos: 
  units: 
    - name: logentries.service
      command: start
      runtime: no
      content: |
        [Unit] 
        Description=Push journal logs to logentries.com 
        After=systemd-journald.service
        After=systemd-networkd.service

        [Service]
        Restart=always
        ExecStart=/bin/bash /home/core/journal2logentries.sh

        [Install]
        WantedBy=multi-user.target