Syslog Resilient
Most recent version: v0.1.0
Last updated
Was this helpful?
Most recent version: v0.1.0
Last updated
Was this helpful?
Note that this Data sink is only available in certain Tenants. Get in touch with us if you don't see it and want to access it.
Syslog Sink Resilient is a proof-of-concept sink that uses Syslog Sink v2.0.0 underneath. It differs from the base sink in that is has a special "fallback" port used to deliver events that could not be delivered to the destination due to connectivity issues. The event out of the fallback port will contain a field with the assembled the syslog message just so other actions may work with it w/o necessarily knowing about to handle syslog.
Now you need to specify how and where to send the data and how to establish a connection with Syslog.
Enter the basic information for the new Data sink.
Name*
Enter a name for the new Data sink.
Description
Optionally, enter a description for the Data sink.
Tags
Add tags to easily identify your Data sink. Hit the Enter key after you define each tag.
Decide whether or not to include this Data sink info in the metrics and graphs of the Home area.
Now, add the configuration to establish the connection.
Protocol*
Onum supports TCP and UDP protocols.
Host*
Enter the IP address or hostname. Use 0.0.0.0 to indicate all.
Port*
Enter the destination IP port number.
Framing method*
This parameter defines how events are separated within Syslog. Choose between the various options.
octet-counting - Transmits all characters inside a syslog message.
non-transparent - Inserts a Syslog message into a frame and ends with a trailer character.
Trailer character code
The trailer is a single character, mostly ASCII LF.
Internal buffer size
Define the number of bytes allocated for buffering network data during transmission to Syslog.
Write timeout
Enter the number of milliseconds to wait before considering the request a timeout.
Idle timeout
Enter the milliseconds the connection remains open and idle before it is automatically terminated or closed.
Dial timeout
The maximum time (in ms) allowed for establishing a connection before the attempt is aborted.
Connection Time to Live
The maximum duration the connection remains active before it is forcibly closed, regardless of whether it is idle or in use.
Buffer Threshold
Bytes in the buffer before performing a non-blocking flush. The minimum value is 1, and the default value is 262144.
Delivery Timeout
Time in milisecons that the action can wait for the buffer to accept the event's data. The minimum value is 1, and the default value is 10000.
Flush attempts
Number of times the sink will re-attempt to flush its buffer. The minimum value is 1, and the default value is 3.
Connection attempts
Number of times we will reattempt connecting to the destination. The minimum value is 1, and the default value is 3.
Here, you must select or create the secrets containing these values.
Certificate
This is the predefined TLS certificate.
Private key
The private key of the corresponding certificate.
CA chain
The path containing the CA certificates.
Skip TLS validations
Select true or false to validate or not.
Minimum TLS version
Choose the TLS version to use.
Subject Alternate Name to verify
If you have assigned your TLS configuration another name, enter it here.
Click Finish when complete.
When you use this Data sink in a Pipeline, you can configure the output parameters. This is where you give the message the required format to be processed in Syslog.
If your message already has the required format, toggle Passthrough to send the message exactly as it is received by the Data sink. Uncheck Passthrough to manually format the message.
Configure the following parameters to manually format the message:
Toggle ON to enable GZip compression on the message or No to send it on as is.
This sink has two modes of use; it can either assemble a syslog message by selecting a protocol and the event fields to use or it can work as a "passthrough" where it takes a valid syslog message from an event field and just delivers it to the destination.
Toggle OFF to select the desired RFC format (RFC-3164/RFC-5424) to use when sending via the syslog protocol.
Toggle ON to select an event field to use as the messaging format.
Toggle ON to disable the delivery of the event whilst still being able to process it. This means you do not require a valid destination to use the Data sink, as it will not send the data
This sink is split into two parts: a producer and a consumer. The producer (the main pipeline goroutine) adds syslog messages to the sink's internal buffer. The consumer is a separate goroutine that sends those messages to the destination.
Toggling enable prevents the main routine from being blocked while messages are sent (unless the buffer is full) and allows a delivery timeout to stop the producer from waiting too long if the consumer is slow. Simply give it a name in the message out field.
