# Send data using Syslog Resilient {% hint style="info" %} See the changelog of this Data sink type [here](/the-workspace/data-sinks/data-sink-integrations/send-data-using-syslog/send-data-using-syslog-resilient.md). {% endhint %} {% hint style="warning" %} Note that this Data sink is only available in certain Tenants. [Get in touch with us](https://app.gitbook.com/s/cSjT21I4EUhzghjc1rER/) if you don't see it and want to access it. {% endhint %} ## Overview Syslog Sink Resilient is a proof-of-concept sink that uses Syslog Sink v2.0.0 underneath. It differs from the base sink in that is has a special "fallback" port used to deliver events that could not be delivered to the destination due to connectivity issues. The event out of the fallback port will contain a field with the assembled the syslog message just so other actions may work with it w/o necessarily knowing about to handle syslog. ## Onum Setup {% stepper %} {% step %} Log in to your Onum tenant and click **Data Sinks> New Data sink**. {% endstep %} {% step %} Double-click the **Syslog Resilient** Sink. {% endstep %} {% step %} Enter a **Name** for the new Data Sink. Optionally, add a **Description** and some **Tags** to identify the Sink. {% endstep %} {% step %} Decide whether or not to include this Data sink info in the metrics and graphs of the [**Home**](/the-workspace/home.md) area. {% endstep %} {% step %} Enter the **Protocol****\*** used to send the data. Onum supports **TCP** and **UDP** protocols. {% endstep %} {% step %} Enter the **Host****\*** IP address or hostname (use `0.0.0.0` to indicate all) and the destination IP **Port****\*** number. {% endstep %} {% step %} The **Framing method****\*** parameter defines how events are separated within Syslog. Choose between the various options. * **octet-counting** - Transmits all characters inside a syslog message. * **non-transparent** - Inserts a Syslog message into a frame and ends with a trailer character. {% endstep %} {% step %} A **Trailer character code** is used to delimit the end of a message. This is required in **non-transparent** framing over TCP. The most common trailer character is the US-ASCII Line Feed (`10`). {% endstep %} {% step %} Enter the format of the outgoing requests using the following parameters:
ParametersDescription
Net buffer sizeDefine the number of bytes allocated for buffering network data during transmission to Syslog. The minimum value is 1.
Write timeoutEnter the number of milliseconds to wait before considering the request a timeout. The minimum value is 1, and the default value is 5000.
Idle timeoutEnter the milliseconds the connection remains open and idle before it is automatically terminated or closed. The minimum value is 1, and the default value is 60000.
Dial timeoutThe maximum time (in ms) allowed for establishing a connection before the attempt is aborted. The minimum value is 1, and the default value is 10000.
Connection Time to LiveThe maximum duration the connection remains active before it is forcibly closed, regardless of whether it is idle or in use. The minimum value is 1, and the default value is 300000.
Buffer ThresholdBytes in the buffer before performing a non-blocking flush. The minimum value is 1, and the default value is 262144.
Delivery TimeoutTime in milliseconds that the action can wait for the buffer to accept the event's data. The minimum value is 1, and the default value is 10000.
Flush attemptsNumber of times the sink will re-attempt to flush its buffer. The minimum value is 1, and the default value is 3.
Connection attemptsNumber of times we will reattempt connecting to the destination. The minimum value is 1, and the default value is 3.
{% endstep %} {% step %} Activate the **TLS Configuration** toggle to enable TLS and configure these parameters: * Choose the **Minimum TLS version****\*** to use * Create a [secret](https://docs.onum.com/administration/tenant-menu) containing your TLS **Certificate** or select one already created * Create a [secret](https://docs.onum.com/administration/tenant-menu) containing your TLS **Private key** or select one already created * Activate or deactivate **Skip TLS validations** * Create a [secret](https://docs.onum.com/administration/tenant-menu) containing your **CA Chain** or select one already created. * If you have assigned your TLS configuration another name, enter it in **Subject Alternate Name to verify**. {% endstep %} {% step %} Click **New secret** to create a new one: * Give the secret a **Name**. * Turn off the **Expiration date** option. * Click **Add new value** and paste the corresponding value. * Click **Save**.
{% hint style="info" %} Learn more about secrets in Onum in [this article](/administration/global-settings/organization-settings/secrets-management.md). {% endhint %} You can now select the created secrets in the configuration. {% endstep %} {% endstepper %} Click **Finish** when complete. ## Output configuration When you use this Data sink in a Pipeline, you can configure the output parameters. This is where you give the message the required format to be processed in Syslog. {% hint style="warning" %} If your message already has the required format, toggle **Passthrough** to send the message exactly as it is received by the Data sink. Uncheck **Passthrough** to manually format the message. {% endhint %} Configure the following parameters to manually format the message: ### **Compression** Toggle **ON** to enable GZip compression on the message or **No** to send it on as is. ### **Passthrough** This sink has two modes of use; it can either assemble a syslog message by selecting a protocol and the event fields to use or it can work as a "passthrough" where it takes a valid syslog message from an event field and just delivers it to the destination. Toggle **OFF** to select the desired RFC format (RFC-3164/RFC-5424) to use when sending via the syslog protocol. Toggle **ON** to select an event field to use as the messaging format. ### **Dry run** Toggle **ON** to disable the delivery of the event whilst still being able to process it. This means you do not require a valid destination to use the Data sink, as it will not send the data ### Resiliency Toggling **enable** prevents the main routine from being blocked while messages are sent (unless the buffer is full) and allows a **delivery timeout** to stop the producer from waiting too long if the consumer is slow. Simply give it a name in the message out field. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.onum.com/the-workspace/data-sinks/data-sink-integrations/send-data-using-syslog/send-data-using-syslog-resilient.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.