Syslog (autodetect and classify)

The Syslog (autodetect and classify) connector receives all kinds of syslog data, automatically recognizing the type and format (RFC3164, RFC5424) of the protocol used. It also automatically parses and classifies the incoming messages, recognizing and enriching over 100 data sources.

The Syslog (autodetect and classify) connector receives data on the following ports:

• 514 TCP and UDP for RFC3164 (BSD-syslog) formatted traffic.
• 601 TCP for RFC5424 (IETF-syslog) formatted traffic.
• 6514 TCP for TLS-encrypted syslog traffic.

Add new syslog connector

To create a new connector, complete the following steps:

1. Select Connectors > Create new rule. (Alternatively, you can select Add Connector > Create a connector rule on the Connectors page of an AxoRouter host.)

   

2. Select Syslog (autodetect and classify).

3. Configure the connector rule.

   1. Enter a name for the connector rule into the Rule Name field.

      

   2. (Optional) Add labels to the connector rule. You will be able to use these labels in Flow Processing steps, for example, in the Query field of Select Messages steps.

   3. Set the Router Selector for the connector rule. The selector determines which AxoRouter instances will have a connector based on this connector rule.

      

      • If you leave the Router Selector field empty, the rule will match every AxoRouter instance.
      • To select only a specific AxoRouter instance, set the name field with the name of the instance as selector.
      • If you set multiple fields in the selector, the connector rule will apply only to AxoRouter instances that match all elements of the selector. (There in an AND relationship between the fields.)

   4. (Optional) Enter a Suffix for the connector rule. This suffix will be used in the name of the connector instances created on the AxoRouter hosts. For example, if the name of a matching AxoRouter instance is “my-axorouter”, and the suffix of the rule is “otlp-rule”, the connector created for the AxoRouter will be named “my-axorouter-otlp-rule”.

      If the Suffix field is empty, the name of the connector rule is used instead.

   5. (Optional) Enter a description for the rule.

   6. If needed, enable the Classify automatically and Parse automatically options so AxoRouter automatically identifies and parses messages sent by supported data sources. If your source is not listed, contact us.

      Enabling these options processes all data received by the connectors created based on this connector rule. If you want to apply classification and parsing more selectively, you can use the Classify and Parse processing steps in your Flows.

      Note that Parse automatically requires Classify automatically to be enabled. Parsing automatically parses the data from the content of the message, and replaces the message content (the log.body filed in the internal message schema) with the structured information.

4. (Optional) If you’re creating a multi-level AxoRouter architecture and you want to forward the data received to this connector to another AxoRouter, set the More options > Address Override option to the address of the AxoRouter.

   

5. Select Create.

   Axoflow automatically creates connectors on the AxoRouter hosts that match the Router Selector.

   Make sure to enable the ports you’ve configured in the connector on the firewall of the AxoRouter host, and on other firewalls between the AxoRouter host and your data sources.

Labels

The Syslog (autodetect and classify) connector adds the following meta labels: