Syslog
The Syslog connector can receive all kinds of syslog messages. You can configure it to receive data on specific ports, but it doesn’t apply classification and enrichment to the messages (apart from standard syslog parsing).
Add new syslog connector
To add a new connector to an AxoRouter host, complete the following steps:
-
Create a new connector.
-
Select Connectors. The list of connectors available on the host is displayed.
-
Select , then select the type of connector you want to create.
-
Select the template to use one of the standard syslog ports and networking protocols, for example, UDP 514 for the RFC3164 syslog protocol.
To configure a different port, or to specify the protocol elements manually, select Custom.
-
Enter a Name for the connector. This name must be unique on the host.
-
(Optional) Add custom labels to the connector.
-
Select the protocol to use for receiving syslog data: TCP, UDP, or TLS.
When using TLS, set the paths for the certificates and keys used for the TLS-encrypted communication with the clients.
You can use absolute paths (for example,
/etc/axorouter/user-config/tls-key.pem). The key and the certificate must be in PEM format. You must manually copy these files to their place on the AxoRouter host, currently you can’t distribute them from Axoflow Console.- CA certificate path: The CA certificate that AxoRouter uses to authenticate the clients.
- Server certificate path: The certificate that AxoRouter shows to the clients.
- Server private key path: The private key of the server certificate.
-
(Optional) If explicitly needed for your use case, you can configure *Framing manually. Otherwise, leave it on Auto. Enable framing (On) if the payload contains the length of the message as specified in RFC6587 3.4.1. Disable (Off) for non-transparent-framing RFC6587 3.4.2.
-
Set the Port of the connector. The port number must be unique on the AxoRouter host.
-
(Optional) If needed for your environment, set protocol-specific connector options as needed.
You can also modify the product and vendor labels of the connector. In that case, Axoflow will treat the incoming messages as it was received and classified as data from the specified product. This is useful if you want to send data from a specific product to a dedicated port.
These labels and other parameters of the connector will be available under the
meta.connectorkey as metadata for the messages received via the connector, and can be used in routing decisions and processing steps. You can check the metadata of the messages using log tapping.
-
Select Create.
-
Make sure to enable the ports you’ve configured in the connector on the firewall of the AxoRouter host, and on other firewalls between the AxoRouter host and your data sources.
Protocol-specific connector options
- Encoding: The character set of the messages, for example,
UTF-8. - Maximum connections: The maximum number of simultaneous connections the connector can receive.
- Socket buffer size: The size of the socket buffer (in bytes).
TCP options
- TCP Keepalive Time Interval: The interval (number of seconds) between subsequential keepalive probes, regardless of the traffic exchanged in the connection.
- TCP Keepalive Probes: The number of unacknowledged probes to send before considering the connection dead.
- TCP Keepalive Time: The interval (in seconds) between the last data packet sent and the first keepalive probe.
TLS options
For TLS, you can use the TCP-specific options, and also the following:
- Require MTLS: If enabled, the clients sending data to the connector must have a TLS certificate, otherwise AxoRouter will reject the connection.
- Verify client certificate: If enabled, AxoRouter verifies certificate of the client, and rejects connections with invalid certificates.
Labels
The AxoRouter syslog connector adds the following meta labels:
| label | value |
|---|---|
| connector.type | syslog |
| connector.name | The Name of the connector |
| connector.port | The port number where the connector receives data |