Syslog

Most recent version: v2.0.0

PreviousSplunk HEC NextTCP

Last updated 1 month ago

Was this helpful?

Syslog

Most recent version: v2.0.0

See the changelog of this Data sink type .

Overview

Onum supports integration with Syslog.

Select Syslog from the list of Data sink types and click Configuration to start.

Configuration

Now you need to specify how and where to send the data and how to establish a connection with Syslog.

Metadata

Enter the basic information for the new Data sink.

Parameters

Description

Name*

Enter a name for the new Data sink.

Description

Optionally, enter a description for the Data sink.

Tags

Add tags to easily identify your Data sink. Hit the Enter key after you define each tag.

Metrics display

Configuration

Now, add the configuration to establish the connection.

Parameters

Description

Protocol*

Onum supports TCP and UDP protocols.

Host*

Enter the IP address or hostname. Use 0.0.0.0 to indicate all.

Port*

Enter the destination IP port number.

Framing method*

This parameter defines how events are separated within Syslog. Choose between the various options.

octet-counting - Transmits all characters inside a syslog message.
non-transparent - Inserts a Syslog message into a frame and ends with a trailer character.

Trailer character code

The trailer is a single character, mostly ASCII LF.

Internal buffer size

Define the number of bytes allocated for buffering network data during transmission to Syslog.

Write timeout

Enter the number of milliseconds to wait before considering the request a timeout.

Idle timeout

Enter the milliseconds the connection remains open and idle before it is automatically terminated or closed.

Dial timeout

The maximum time (in ms) allowed for establishing a connection before the attempt is aborted.

Connection Time to Live

The maximum duration the connection remains active before it is forcibly closed, regardless of whether it is idle or in use.

Buffer Threshold

Bytes in the buffer before performing a non-blocking flush. The minimum value is 1, and the default value is 262144.

Delivery Timeout

Time in milisecons that the action can wait for the buffer to accept the event's data. The minimum value is 1, and the default value is 10000.

Flush attempts

Number of times the sink will re-attempt to flush its buffer. The minimum value is 1, and the default value is 3.

Connection attempts

Number of times we will reattempt connecting to the destination. The minimum value is 1, and the default value is 3.

TLS configuration

Parameter

Description

Certificate

This is the predefined TLS certificate.

Private key

The private key of the corresponding certificate.

CA chain

The path containing the CA certificates.

Skip TLS validations

Select true or false to validate or not.

Minimum TLS version

Choose the TLS version to use.

Subject Alternate Name to verify

If you have assigned your TLS configuration another name, enter it here.

Click Finish when complete.

Output configuration

When you use this Data sink in a Pipeline, you can configure the output parameters. This is where you give the message the required format to be processed in Syslog.

If your message already has the required format, toggle Passthrough to send the message exactly as it is received by the Data sink. Uncheck Passthrough to manually format the message.

Configure the following parameters to manually format the message:

Type

Choose the required Output type: Syslog RFC 3164 (the original BSD format) or Syslog RFC 5424 (the “new” format).

If you are unsure about the veracity of the fields you have chosen, you can click Validate to check if they are valid. For the Syslog RCF 3164 type, you have the option to Auto-fix the values to populate them correctly.

Header

Enter the header parameters:

Priority / Severity & Facility - The field corresponding to the Priority OR the fields corresponding to the Severity and Facility that will be used to make the Priority field.
Timestamp - The field containing the timestamp value.
Hostname - The field containing the hostname.
Appname (only for Syslog RFC 5424) - The field containing the application name.
ProcID (only for Syslog RFC 5424) - The field containing the Process ID.
MsgID (only for Syslog RFC 5424) - The field containing the Message ID.

Structured-data (only for Syslog RFC 5424)

Choose the field to source the structured data from.

Message

Enter the fields used to build the body of the message. The parameters will change depending on the type selected:

Syslog RFC 3164

Tag - The field containing the tag.
ProcId - The incoming field with the process ID.
Content - The field used as the content field.

Syslog RFC 5424

Message - The field containing the message body.

Test mode

Toggle Yes to disable the delivery of the event whilst still being able to process it. This means you do not require a valid destination to use the Data sink, as it will not send the data on.

Compression

Toggle Yes to compress the message or No to send it on as is.

PreviousSplunk HEC NextTCP

Last updated 1 month ago

Was this helpful?

See the changelog of this Data sink type .

Overview

Onum supports integration with Syslog.

Select Syslog from the list of Data sink types and click Configuration to start.

Configuration

Now you need to specify how and where to send the data and how to establish a connection with Syslog.

Metadata

Enter the basic information for the new Data sink.

Parameters

Description

Name*

Enter a name for the new Data sink.

Description

Optionally, enter a description for the Data sink.

Tags

Add tags to easily identify your Data sink. Hit the Enter key after you define each tag.

Metrics display

Decide whether or not to include this Data sink info in the metrics and graphs of the area.

Configuration

Now, add the configuration to establish the connection.

Parameters

Description

Protocol*

Onum supports TCP and UDP protocols.

Host*

Enter the IP address or hostname. Use 0.0.0.0 to indicate all.

Port*

Enter the destination IP port number.

Framing method*

This parameter defines how events are separated within Syslog. Choose between the various options.

octet-counting - Transmits all characters inside a syslog message.
non-transparent - Inserts a Syslog message into a frame and ends with a trailer character.

Trailer character code

The trailer is a single character, mostly ASCII LF.

Internal buffer size

Define the number of bytes allocated for buffering network data during transmission to Syslog.

Write timeout

Enter the number of milliseconds to wait before considering the request a timeout.

Idle timeout

Enter the milliseconds the connection remains open and idle before it is automatically terminated or closed.

Dial timeout

The maximum time (in ms) allowed for establishing a connection before the attempt is aborted.

Connection Time to Live

The maximum duration the connection remains active before it is forcibly closed, regardless of whether it is idle or in use.

Buffer Threshold

Bytes in the buffer before performing a non-blocking flush. The minimum value is 1, and the default value is 262144.

Delivery Timeout

Time in milisecons that the action can wait for the buffer to accept the event's data. The minimum value is 1, and the default value is 10000.

Flush attempts

Number of times the sink will re-attempt to flush its buffer. The minimum value is 1, and the default value is 3.

Connection attempts

Number of times we will reattempt connecting to the destination. The minimum value is 1, and the default value is 3.

TLS configuration

Here, you must select or create the containing these values.

Parameter

Description

Certificate

This is the predefined TLS certificate.

Private key

The private key of the corresponding certificate.

CA chain

The path containing the CA certificates.

Skip TLS validations

Select true or false to validate or not.

Minimum TLS version

Choose the TLS version to use.

Subject Alternate Name to verify

If you have assigned your TLS configuration another name, enter it here.

Click Finish when complete.

Output configuration

When you use this Data sink in a Pipeline, you can configure the output parameters. This is where you give the message the required format to be processed in Syslog.

If your message already has the required format, toggle Passthrough to send the message exactly as it is received by the Data sink. Uncheck Passthrough to manually format the message.

Configure the following parameters to manually format the message:

Type

Choose the required Output type: Syslog RFC 3164 (the original BSD format) or Syslog RFC 5424 (the “new” format).

Header

Enter the header parameters:

Priority / Severity & Facility - The field corresponding to the Priority OR the fields corresponding to the Severity and Facility that will be used to make the Priority field.
Timestamp - The field containing the timestamp value.
Hostname - The field containing the hostname.
Appname (only for Syslog RFC 5424) - The field containing the application name.
ProcID (only for Syslog RFC 5424) - The field containing the Process ID.
MsgID (only for Syslog RFC 5424) - The field containing the Message ID.

Structured-data (only for Syslog RFC 5424)

Choose the field to source the structured data from.

Message

Enter the fields used to build the body of the message. The parameters will change depending on the type selected:

Syslog RFC 3164

Tag - The field containing the tag.
ProcId - The incoming field with the process ID.
Content - The field used as the content field.

Syslog RFC 5424

Message - The field containing the message body.

Test mode

Toggle Yes to disable the delivery of the event whilst still being able to process it. This means you do not require a valid destination to use the Data sink, as it will not send the data on.

Compression

Toggle Yes to compress the message or No to send it on as is.