WebsiteBlogLogin

Collect data using Syslog

Most recent version: v1.1.2

See the changelog of this Listener type here.

Overview

Onum receives data from Syslog, supporting TCP and UDP protocols. Select Syslog from the list of Listener types and click Configuration to start.

Onum Setup

1

Log in to your Onum tenant and click Listeners > New listener.

2

Double-click the Syslog Listener.

3

Enter a Name for the new Listener. Optionally, add a Description and some Tags to identify the Listener.

4

Enter the required Port and Protocol (TCP or UDP).

Note that you won't see the Port and Protocol settings in the creation form if you're defining this Listener in a Cloud instance, as these are already provided by Onum.

While UDP 514 is the standard, some implementations may use TCP 514 or other ports, depending on specific configurations or security requirements. To determine the syslog port value, check the configuration settings of your syslog server or consult the documentation for your specific device or application.

5

Choose the required Framing Method, which refers to how characters are handled in log messages sent via the Syslog protocol. Choose between:

  • Auto-Detect - automatically detect the framing method using the information provided.

  • Non-Transparent Framing (newline) - the newline characters (\n) within a log message are preserved as part of the message content and are not treated as delimiters or boundaries between separate messages.

  • Non-Transparent Framing (zero) - refers to the way zero-byte characters are handled. Any null byte (\0) characters that appear within the message body are preserved as part of the message and are not treated as delimiters or boundaries between separate messages.

  • Octet Counting (message length) - the Syslog message is preceded by a count of the length of the message in octets (bytes).

6

If you're using TLS authentication, enter the data you received from the Onum team in the TLS configuration section (Certificate, Private key and CA chain). Choose your Client authentication method and Minimum TLS version.

  • Note that the parameters in this section are only mandatory if you decide to include TLS authentication in this Listener. Otherwise, leave it blank.

  • Note that you won't see this section in the creation form if you're defining this Listener in a Cloud instance, as these are already provided by Onum. Learn more about Cloud Listeners in this article.

7

The TLS credentials are saved in Onum as Secrets. In the TLS form, click New secret to create a new one:

  • Give the secret a Name.

  • Turn off the Expiration date option.

  • Click Add new value.

  • Click Save.

Learn more about secrets in Onum in this article.

You can now select the secret you just created in the corresponding fields.

8

Finally, click Create labels. Optionally, you can set labels to be used for internal Onum routing of data. By default, data will be set as Unlabeled. Click Create listener when you're done.

Learn more about labels in this article.

Click Create listener when you're done.

PreviousCollect data using SNMPNextCollect data from Check Point NGFW

Last updated

Was this helpful?