WebsiteBlogLogin

Syslog

Most recent version: v2.0.0

See the changelog of this Data sink type here.

Overview

Onum supports integration with Syslog.

Syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the type of system generating the message, and is assigned a severity level.

Select Syslog from the list of Data sink types and click Configuration to start.

Data sink configuration

Now you need to specify how and where to send the data and how to establish a connection with Syslog.

Metadata

Enter the basic information for the new Data sink.

Parameters
Description

Name*

Enter a name for the new Data sink.

Description

Optionally, enter a description for the Data sink.

Tags

Add tags to easily identify your Data sink. Hit the Enter key after you define each tag.

Metrics display

Decide whether or not to include this Data sink info in the metrics and graphs of the Home area.

Configuration

Now, add the configuration to establish the connection.

Parameters
Description

Protocol*

Onum supports TCP and UDP protocols.

Host*

Enter the IP address or hostname. Use 0.0.0.0 to indicate all.

Port*

Enter the destination IP port number.

Framing method*

This parameter defines how events are separated within Syslog. Choose between the various options.

  • octet-counting - Transmits all characters inside a syslog message.

  • non-transparent - Inserts a Syslog message into a frame and ends with a trailer character.

Trailer character code

A trailer character is used to delimit the end of a message. This is required in non-transparent framing over TCP. The most common trailer character is the US-ASCII Line Feed (10).

Internal buffer size

Define the number of bytes allocated for buffering network data during transmission to Syslog. The minimum value is 1.

Write timeout

Enter the number of milliseconds to wait before considering the request a timeout. The minimum value is 1, and the default value is 5000.

Idle timeout

Enter the milliseconds the connection remains open and idle before it is automatically terminated or closed. The minimum value is 1, and the default value is 60000.

Dial timeout

The maximum time (in ms) allowed for establishing a connection before the attempt is aborted. The minimum value is 1, and the default value is 10000.

Connection Time to Live

The maximum duration the connection remains active before it is forcibly closed, regardless of whether it is idle or in use. The minimum value is 1, and the default value is 300000.

Buffer Threshold

Bytes in the buffer before performing a non-blocking flush. The minimum value is 1, and the default value is 262144.

Delivery Timeout

Time in milliseconds that the action can wait for the buffer to accept the event's data. The minimum value is 1, and the default value is 10000.

Flush attempts

Number of times the sink will re-attempt to flush its buffer. The minimum value is 1, and the default value is 3.

Connection attempts

Number of times we will reattempt connecting to the destination. The minimum value is 1, and the default value is 3.

TLS configuration

Set your TLS configuration here:

Parameter
Description

Certificate

Add your TLS certificate from your Secrets or create one.

Private key

Add your private key from your Secrets or create one.

CA chain

Add your CA chain from your Secrets or create one.

Skip TLS validations

Decide whether or not to skip TLS validations.

Minimum TLS version

Choose the TLS version to use.

Subject Alternate Name to verify

If you have assigned your TLS configuration another name, enter it here.

Click Finish when complete. Your new Data sink will appear in the Data sinks area list.

Pipeline configuration

When it comes to using this Data sink in a Pipeline, you must configure the following output parameters. To do it, simply click the Data sink on the canvas and select Configuration.

Output configuration

If your message already has the required format, toggle Passthrough to send on the message exactly as the sink receives it. Uncheck Passthrough to manually format the message:

Parameter
Description

Output type

The Syslog format to send in:

  • The original BSD format (Syslog RFC 3164)

  • The “new” format (Syslog RFC 5424)

If you are unsure about the veracity of the fields you have chosen, you can click Validate to check if they are valid. For the Syslog RCF 3164 type, you have the option to Auto-fix the values to correctly populate them.

You must select the incoming fields that correspond to each value to build the end message in Devo. The fields to configure will differ depending on the Syslog type chosen.

Header

Enter the header parameters:

  • Priority*/ Severity & Facility* - The field corresponding to the Priority OR the fields corresponding to the Severity and Facility that will be used to make the Priority field.

  • Timestamp - The field containing the timestamp value.

  • Hostname - The field containing the hostname.

Message

Enter the fields used to build the body of the message:

  • Tag - The field containing the tag.

  • ProcId - The incoming field with the process ID.

  • Content - The field used as the content field.

Test mode

Decide if you want to send events while they are still processing. This is useful to test the Pipeline without the need for a valid destination.

Compression

Toggle Yes to compress the message as a gzip file.

Click Save to save your configuration.

PreviousSplunk HECNextSumo Logic

Last updated

Was this helpful?