Syslog
Current version v1.3.0
See the changelog of this Sink.
Onum supports integration with Syslog. Select Syslog from the list of sink types and click Configuration to start.
Now you need to specify how and where to send the data, and how to establish a connection with Syslog.
Enter the basic information for the new Data Sink.
Name*
Enter a name for the new Data Sink.
Description
Optionally, enter a description for the Data Sink.
Tags
Add tags to easily identify your Sink. Hit the Enter key after you define each tag.
Decide whether or not to include this Data sink info in the metrics and graphs of the Home area.
Now add the configuration to establish the connection.
Protocol*
Onum supports TCP and UDP protocols.
Host*
Enter the IP address or hostname. Use 0.0.0.0 to indicate all.
Port*
Enter the destination IP port number.
Framing method
This parameter defines how events are separated within syslog. Choose between the various options.
Trailer character code
The trailer is a single character, mostly ASCII LF.
Net buffer size
Define the number of bytes allocated for buffering network data during transmission to Syslog.
Write timeout
Enter the number of milliseconds to wait before considering the request a timeout.
Idle timeout
Enter the milliseconds the connection remains open and idle before it is automatically terminated or closed.
Dial timeout
The maximum time (in ms) allowed for establishing a connection before the attempt is aborted.
Connection Time to Live
The maximum duration the connection remains active before it is forcibly closed, regardless of whether it is idle or in use.
Event field
This is the name of the input event field.
Write timeout (ms)
Enter the number of milliseconds to wait before considering the request a timeout.
Here you must select or create the secrets containing these values.
Certificate
This is the predefined TLS certificate.
Private Key
The private key of the corresponding certificate.
CA Chain
The path containing the CA certificates.
Skip TLS validations
Select true to skip TLS validation or false to perform it.
Minimum TLS version*
Choose the TLS version to use.
Subject Alternate Name to verify
If you have assigned your TLS configuration another name, enter it here.
Click Finish when complete.
When you use this sink in a Pipeline, you can configure the output parameters. This is where you give the message the required format to be processed in Syslog.
If your message already has the required format, toggle Passthrough to send on the message exactly as it is received by the sink.
Uncheck Passthrough to manually format the message:
Type
Output type
The Syslog format to send in:
- the original BSD format (RFC3164)
- the “new” format (RFC5424)
You must select the incoming fields that correspond to each individual value in order to build the end message. The fields to configure will differ depending on the Syslog type selected.
Header
Enter the header parameters
Priority* / Severity* & Facility* - the field corresponding to the Priority OR the fields corresponding to the Severity and Facility that will be used to make the Priority field.
Timestamp - the field containing the Timestamp value.
Hostname - the field containing the hostname.
Message
Enter the fields used to build the body of the message
Tag - the field containing the tag.
ProcId - the incoming field with the process ID.
Content - the field used as the content field.
If you are unsure whether the fields you have chosen are valid, click Validate to check them. For the Syslog RFC 3164 type, you have the option to auto-fix the values to correctly populate them.
The following fields appear for both types.
Test mode - Toggle YES to disable the delivery of the event whilst still being able to process it. This means you do not require a valid destination to use the sink, as it will not send the data on.
Compression - Toggle YES to compress the message or NO to send it on as is.
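The following Python sketch is an added example, not Onum's code: it shows how the Priority value is derived from Severity and Facility, how the same header and message fields are laid out in the RFC3164 and RFC5424 output types, and how trailer framing with ASCII LF delimits events. The function names, the sample values, the mapping of Tag to the RFC 5424 APP-NAME position and the replacement of embedded trailer characters with a space are assumptions made for illustration.

```python
from datetime import datetime, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
LF = 10  # trailer character code for ASCII LF


def pri(facility: int, severity: int) -> int:
    """Priority value built from Facility and Severity: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def rfc3164(facility, severity, ts, hostname, tag, procid, content):
    """BSD format: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PROCID]: CONTENT"""
    # The day of month is space-padded ("Mar  5"), not zero-padded.
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{stamp} {hostname} {tag}[{procid}]: {content}"


def rfc5424(facility, severity, ts, hostname, tag, procid, content):
    """<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG"""
    stamp = ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # Assumption: Tag fills APP-NAME; MSGID and STRUCTURED-DATA are sent as "-" (nil).
    return f"<{pri(facility, severity)}>1 {stamp} {hostname} {tag} {procid} - - {content}"


def frame(message: str, trailer_code: int = LF) -> bytes:
    """Trailer framing: each event ends with a single trailer character."""
    trailer = bytes([trailer_code])
    # A trailer byte inside the event would be read as an event boundary by
    # the receiver, so it is replaced with a space here (an assumed policy).
    return message.encode("utf-8").replace(trailer, b" ") + trailer


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    ts = datetime(2024, 3, 5, 14, 7, 9, tzinfo=timezone.utc)
    fields = (4, 6, ts, "gw01", "sshd", 812, "session opened\nfor user alice")
    print(frame(rfc3164(*fields)))
    print(frame(rfc5424(*fields)))
```

If the Content field can carry untrusted text, check how the receiving Syslog server treats embedded trailer characters before relying on trailer framing over TCP.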