Syslog source plugin
Syslog is a standard protocol used for message logging and management in Unix and Unix-like systems. It is widely used for system monitoring, debugging, and troubleshooting.
The Syslog source plugin can collect messages through a Unix socket server using UDP or TCP, or over the network using TCP or UDP. It provides a flexible and customizable way to configure your Calyptia Core pipeline to receive, parse, and process Syslog messages.
Configuration parameters
The Syslog source plugin provides these configuration parameters.
General
Key | Description |
---|---|
Port | TCP port used for listening for incoming messages. |
Parser | Specify an alternative parser for the message. If Mode is set to tcp or udp then the default parser is syslog-rfc5424 otherwise syslog-rfc3164-local is used. If your syslog messages have fractional seconds, set this value to syslog-rfc5424 instead. If you have a custom parser, use Advanced Settings to designate the parser. |
Mode | Specify UDP or TCP. |
Advanced
Key | Description |
---|---|
Buffer Max Size | Specify the maximum buffer size in KB to receive a JSON message. |
Buffer Chunk Size | Sets the chunk size for incoming JSON messages. Chunks are stored and managed in the space available by buffer_max_size. |
Security and TLS
Name | Key | Description | Default |
---|---|---|---|
TLS | tls | Enable or disable TLS/SSL support. | none |
TLS Certificate Validation | tls.verify | Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled. | on |
TLS Debug Level | tls.debug | Set TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
Private Key File Path | tls.key_file | Absolute path to private key file. | none |
Private Key Path Password | tls.key_passwd | Optional password for tls.key_file file. | none |
TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |