This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Generic tips

The following section gives you a generic overview on how to configure a source to send its log data to Axoflow. If there is a specific section for your source, follow that instead of the generic procedure. For details, see the documentation of your source.

CAUTION:

Make sure to set data forwarding as described in this guide. Different setting like other message format or port might be valid, but can result in data loss or incorrect parsing.

Default connectors

By default, an AxoRouter deployment has the following connectors configured:

Open ports

By default, AxoRouter accepts data on the following ports:

  • 514 TCP and UDP for RFC3164 (BSD-syslog) formatted traffic.
  • 601 TCP for RFC5424 (IETF-syslog) formatted traffic.
  • 6514 TCP for TLS-encrypted syslog traffic.
  • 4317 TCP for OpenTelemetry log data.

To receive data on other ports or other protocols, configure the source connectors of the AxoRouter host.

Make sure to enable the ports you’re using on the firewall of your host.

Prerequisites

To configure a source to send data to Axoflow, make sure that:

  • You have administrative access to the device or host.
  • The date, time, and time zone are correctly set on the source.
  • You have an AxoRouter deployed and configured. This device is going to receive the logs from the source.
  • You know the IP address the AxoRouter. To find it:

    1. Open the Axoflow Console.
    2. Select the Hosts or the Topology page.
    3. Click on AxoRouter instance that is going to receive the logs.
    4. Check the Networks > Address field.

Steps

  1. Log in to your device. You need administrator privileges to perform the configuration.

  2. If needed, enable syslog forwarding on the device.

  3. Set AxoRouter as the syslog server. Typically, you can configure the following parameters:

    • Name or IP Address of the syslog server: Set the address of your AxoRouter.

    • Protocol: If possible, set TCP or TLS.

    • Syslog Format: If possible, set RFC5424 (or equivalent), otherwise leave the default.

    • Port: Set a port appropriate for the protocol and syslog format you have configured.

      By default, AxoRouter accepts data on the following ports:

      • 514 TCP and UDP for RFC3164 (BSD-syslog) formatted traffic.
      • 601 TCP for RFC5424 (IETF-syslog) formatted traffic.
      • 6514 TCP for TLS-encrypted syslog traffic.
      • 4317 TCP for OpenTelemetry log data.

      To receive data on other ports or other protocols, configure the source connectors of the AxoRouter host.

      Make sure to enable the ports you’re using on the firewall of your host.

  4. Add the appliance to the Axoflow Console. For details, see Vendors.