📘
Prerequisites
This guide assumes that you have an environment.tf file generated by symflow init
If you have not run symflow init, please follow the instructions in the 10 Minute Quickstart page.

Overview

You can stream your Sym audit logs directly to Datadog with our native integration. Simply authorize Sym in your Datadog organization, Terraform a sym_log_destination, and your logs will land in a prebuilt dashboard that you can customize to fit your reporting needs.

Connecting Sym and DataDog

Authorize Sym to Send Data to Your Datadog Organization

Go to your Datadog Integrations page and click on the Sym tile.
Click on "Install Integration"
Datadog will redirect you to Sym to begin the OAuth authorization flow. Enter your Sym Org ID here to continue to log in to Sym.
After authenticating, Sym will redirect you to Datadog to authorize Sym with the api_keys_write scope. After you authorize Sym, Sym will create an API Key in your Datadog organization, which will be used to send logs to Datadog directly.
If Sym successfully connects with Datadog, a sym_log_destination Terraform resource will be displayed. We will copy this resource into your Sym Terraform Configuration in the next section.

Add a Datadog Log Destination

Add a sym_log_destination resource with type = datadog. You should be able to copy and paste the Terraform resource displayed at the end of the DataDog OAuth flow.

resource "sym_log_destination" "datadog" {
  type = "datadog"
  
  settings = {
    # This should match the Datadog site you authorized Sym in.
    datadog_site = "us1"
    
    stream_name = "${local.environment}-datadog"
   }
}

Add the Log Destination to your Environment

Each sym_environment accepts a list of Log Destinations to send reporting logs to. Add the ID of the Log Destination you just defined to the log_destination_ids list.

resource "sym_environment" "this" {
  name            = "main"
  error_logger_id = sym_error_logger.slack.id
  
  # Add your log destinations here
  log_destination_ids = [sym_log_destination.datadog.id]

  integrations = {
    slack_id = sym_integration.slack.id
  }
}

Viewing Logs in Datadog

Default Tags

All logs sent to Datadog are tagged with:

service:sym
source:sym
symenv:{environment_name}, where environment_name is the name value of the sym_environment the Log Destination is attached to.
- For example, if the name value of the sym_environment is prod, then all logs will be tagged with symenv:prod

Troubleshooting

"An API Key already exists in your Datadog Organization"

Only one API Key may exist for the Sym OAuth Client in your Datadog Organization. If you receive this error message, this means that another user in your Datadog Organization has already completed the OAuth flow connecting Sym with your Datadog Organization, and you do not need to complete the OAuth authorization flow again.

If you wish to fully re-connect Sym and Datadog, navigate to the API Key Settings page in Datadog, locate the API Key with a name like "Sym OAuth Client API Key" and revoke it.