This guide covers configuring the LogFlux Agent daemon and its plugins.
Quick Setup
After installing the agent, set your API key and start the service:
1
| sudo nano /etc/logflux-agent/agent.yaml
|
1
2
| agent:
api_key: eu-lf_your-api-key-here
|
1
| sudo systemctl enable --now logflux-agent
|
Full Configuration Reference
The main configuration file is /etc/logflux-agent/agent.yaml. All fields except api_key are optional with sensible defaults.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
| # Basic agent settings
agent:
api_key: "eu-lf_your-api-key-here" # REQUIRED
# hostname: "" # Override auto-detected hostname
# server_url: "" # Override auto-discovered ingestor URL
# log_level: "info" # debug, info, warn, error, fatal
# public_key_fingerprint: "" # RSA fingerprint for MITM protection
# fingerprint_mode: "warn" # warn or strict
# Proxy (for connecting to backend through HTTP proxy)
proxy:
# enabled: false
# url: "" # http://proxy:8080 or socks5://proxy:1080
# username: ""
# password: ""
# Queue (durable SQLite queue for log entries)
queue:
# type: "sqlite"
# size: 10000 # Max entries in queue
# max_memory_usage: 104857600 # 100 MB
# database_path: "/var/lib/logflux-agent/queue.db"
# Batch processing (controls how entries are sent to the ingestor)
batch:
size: 500 # Entries per batch (immediate flush when full)
# flush_interval: 5s # Max time before flushing partial batch
# max_batch_wait: 30s # Safety limit for batch accumulation
# compression_type: "gzip" # gzip or zstd
# max_batch_retries: 3
# Retry (exponential backoff for failed sends)
retry:
# max_retries: 10
# initial_delay: 100ms
# max_delay: 60s
# backoff_factor: 2.0
# resilient_mode: true # Queue entries on persistent failure
# Workers
workers:
# count: 4 # Concurrent send workers
# Health check
health:
# check_interval: 30s
# Graceful shutdown
# shutdown_timeout: 30s
# Local server (Unix socket for plugin communication)
local_server:
unix:
# path: "/var/run/logflux-agent/agent.sock"
protocol:
# max_message_size: 1048576 # 1 MB
# max_connections: 100
ping_interval: 20s # Keepalive ping (0 to disable)
buffer:
# size: 4096
# max_batch_size: 100
# flush_interval: 5s
# Tags (added to all log entries as metadata)
tags:
# environment: "production"
# region: "us-west-2"
# datacenter: "dc1"
|
Configuration Sections
agent
| Field | Default | Description |
|---|
api_key | – | Required. Your LogFlux API key (<region>-lf_...) |
hostname | system hostname | Override the auto-detected hostname |
server_url | auto-discovered | Override the ingestor URL (skips discovery) |
log_level | info | Agent’s own log verbosity: debug, info, warn, error, fatal |
public_key_fingerprint | – | RSA public key fingerprint for MITM protection |
fingerprint_mode | warn | warn = log on mismatch, strict = fail on mismatch |
proxy
| Field | Default | Description |
|---|
enabled | false | Enable HTTP proxy for backend connections |
url | – | Proxy URL (http://, https://, or socks5://) |
username | – | Proxy authentication username |
password | – | Proxy authentication password |
queue
| Field | Default | Description |
|---|
type | sqlite | Queue backend (SQLite for durable, crash-safe queuing) |
size | 10000 | Maximum entries in queue |
max_memory_usage | 104857600 | Maximum memory usage (100 MB) |
database_path | /var/lib/logflux-agent/queue.db | SQLite database path |
batch
| Field | Default | Description |
|---|
size | 500 | Entries per batch (flushes immediately when full) |
flush_interval | 5s | Maximum time before flushing a partial batch |
max_batch_wait | 30s | Safety limit for batch accumulation |
compression_type | gzip | Compression: gzip or zstd |
max_batch_retries | 3 | Retries for failed batch sends |
retry
| Field | Default | Description |
|---|
max_retries | 10 | Maximum retry attempts |
initial_delay | 100ms | Initial retry delay |
max_delay | 60s | Maximum retry delay |
backoff_factor | 2.0 | Exponential backoff multiplier |
resilient_mode | true | Queue entries on persistent failure instead of dropping |
local_server
| Field | Default | Description |
|---|
unix.path | /var/run/logflux-agent/agent.sock | Unix socket path for plugin communication |
protocol.max_message_size | 1048576 | Maximum message size (1 MB) |
protocol.max_connections | 100 | Maximum concurrent plugin connections |
protocol.ping_interval | 20s | Keepalive ping interval (0 to disable) |
buffer.size | 4096 | Read buffer size |
buffer.max_batch_size | 100 | Maximum entries per plugin batch |
buffer.flush_interval | 5s | Plugin buffer flush interval |
Custom key-value pairs added to all log entries as metadata. Each tag is prefixed with tag_ in the metadata.
1
2
3
| tags:
environment: "production" # metadata["tag_environment"] = "production"
region: "us-west-2" # metadata["tag_region"] = "us-west-2"
|
Configuration Priority
- Command-line flags:
-config, -init, -version - Custom config file: Specified with
-config /path/to/agent.yaml - Default config:
/etc/logflux-agent/agent.yaml - Built-in defaults: Fallback values
Plugin Configuration
Each plugin has its own YAML config in /etc/logflux-agent/plugins/. Plugin configs share a common structure:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| name: plugin-name
version: 1.0.0
source: plugin-source
agent:
socket_path: /var/run/logflux-agent/agent.sock
network: unix
connect_timeout: 10s
max_retries: 3
retry_delay: 1s
plugin:
# Plugin-specific settings (see integration docs)
logging:
level: info
labels: {}
verbose: false
batch:
enabled: true
max_size: 100
flush_interval: 5s
auto_flush: true
|
See the Integrations section for plugin-specific configuration.
LogFlux API keys use a region-prefixed format:
- Format:
<region>-lf_ followed by 32 alphanumeric characters - Regions:
eu, us, ca, au, ap - Example:
eu-lf_abcd1234efgh5678ijkl9012mnop3456 - Legacy: Older keys without region prefix (
lf_...) are still accepted
Get your API key from the LogFlux Dashboard.
Security
File Permissions
1
2
3
4
5
| sudo chmod 600 /etc/logflux-agent/agent.yaml
sudo chown root:logflux /etc/logflux-agent/agent.yaml
sudo chmod 700 /etc/logflux-agent/plugins/
sudo chown -R root:logflux /etc/logflux-agent/plugins/
|
API Key in Environment
Instead of putting the API key in the config file, use a systemd override:
1
| sudo systemctl edit logflux-agent
|
1
2
| [Service]
Environment=LOGFLUX_API_KEY=eu-lf_abcd1234efgh5678ijkl9012mnop3456
|
Service User
The agent runs as the logflux user by default (created during package installation). The systemd service file includes security hardening: NoNewPrivileges, PrivateTmp, ProtectSystem=strict, ProtectHome.
Service Management
1
2
3
4
5
| sudo systemctl start logflux-agent
sudo systemctl stop logflux-agent
sudo systemctl restart logflux-agent
sudo systemctl status logflux-agent
sudo journalctl -u logflux-agent -f
|
Enable/Disable Plugins
1
2
3
4
5
6
7
| # Enable plugins
sudo systemctl enable --now logflux-agent-journald
sudo systemctl enable --now logflux-agent-metrics
# Disable unused plugins
sudo systemctl disable logflux-agent-docker
sudo systemctl disable logflux-agent-kubernetes
|
Common Issues
Invalid API Key
Error: authentication failed: invalid API key
- Verify format:
<region>-lf_ followed by 32 characters - Check for extra spaces in the YAML
Socket Permission Errors
Error: permission denied accessing /var/run/logflux-agent/agent.sock
- Ensure the agent service is running (
systemctl status logflux-agent) - Check that the plugin user can access the socket
Socket Not Found
Error: dial unix /var/run/logflux-agent/agent.sock: no such file or directory
- Start the agent:
sudo systemctl start logflux-agent - The socket is created by the agent on startup via
RuntimeDirectory=logflux-agent
Next Steps