Syslog (autodetect and classify)

The Syslog (autodetect and classify) connector receives all kinds of syslog data, automatically recognizing the type and format (RFC3164, RFC5424) of the protocol used. It also automatically parses and classifies the incoming messages, recognizing and enriching over 100 data sources.

The Syslog (autodetect and classify) connector receives data on the following ports:

  • 514 TCP and UDP for RFC3164 (BSD-syslog) formatted traffic.
  • 601 TCP for RFC5424 (IETF-syslog) formatted traffic.
  • 6514 TCP for TLS-encrypted syslog traffic.

Add new syslog connector

To add a new connector to an AxoRouter host, complete the following steps:

  1. Create a new connector.

    1. Find the host.

    2. Select Connectors. The list of connectors available on the host is displayed.

      Connectors of the host

    3. Select add , then select the type of connector you want to create.

      Connectors of the host

    4. Enter a Name for the connector. This name must be unique on the host.

      Connectors of the host

    5. (Optional) Add custom labels to the connector.

      You can also modify the product and vendor labels of the connector. In that case, Axoflow will treat the incoming messages as it was received and classified as data from the specified product. This is useful if you want to send data from a specific product to a dedicated port.

      These labels and other parameters of the connector will be available under the meta.connector key as metadata for the messages received via the connector, and can be used in routing decisions and processing steps. You can check the metadata of the messages using log tapping.

      Connectors of the host

  2. (Optional) If you’re creating a multi-level AxoRouter architecture and you want to forward the data received to this connector to another AxoRouter, set the Address Override option to the address of the AxoRouter.

  3. Select Create.

  4. Make sure to enable the ports you’ve configured in the connector on the firewall of the AxoRouter host, and on other firewalls between the AxoRouter host and your data sources.

Labels

The Syslog (autodetect and classify) connector adds the following meta labels:

label value
connector.type soup
connector.name The Name of the connector