Syslog

Syslog source plugin

Syslog is a standard protocol used for message logging and management in Unix and Unix-like systems. It is widely used for system monitoring, debugging, and troubleshooting.

The Syslog source plugin can collect messages through a Unix socket server using UDP or TCP, or over the network using TCP or UDP. It provides a flexible and customizable way to configure your Calyptia Core pipeline to receive, parse, and process Syslog messages.

Configuration parameters

The Syslog source plugin provides these configuration parameters.

General

KeyDescription

Port

TCP port used for listening for incoming messages.

Parser

Specify an alternative parser for the message. If Mode is set to tcp or udp then the default parser is syslog-rfc5424 otherwise syslog-rfc3164-local is used. If your syslog messages have fractional seconds, set this value to syslog-rfc5424 instead. If you have a custom parser, use Advanced Settings to designate the parser.

Mode

Specify UDP or TCP.

Advanced

KeyDescription

Buffer Max Size

Specify the maximum buffer size in KB to receive a JSON message.

Buffer Chunk Size

Sets the chunk size for incoming JSON messages. Chunks are stored and managed in the space available by buffer_max_size.

Security and TLS

KeyDescription

TLS

Enable or disable TLS/SSL support.

TLS Certificate Validation

Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled.

TLS Debug Level

Set TLS debug verbosity level. Accepts these values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose).

CA Certificate File Path

Absolute path to CA certificate file.

Certificate File Path

Absolute path to certificate file.

Private key File Path

Absolute path to private key file.

Private Key Path Password

Optional password for tls.key_file file.

TLS SNI Hostname Extension

Hostname to be used for TLS SNI extension.

Last updated