Syslog

The Syslog backend is ingest-only, and exports logs to a remote Syslog receiver using TCP or TLS. It adheres to RFC 5424 and uses octet-counting framing.

Behavior and Configuration

Configuration

The following values are required when creating a Syslog backend:

host: (string, required) The hostname or IP address of the syslog receiver.
port: (integer, required) The port of the syslog receiver (0-65535).

The following values are optional:

tls: (boolean) If true, connects via SSL/TLS. Defaults to false (TCP).
structured_data: (string) Static RFC 5424 Structured Data to include in every log frame (e.g., [exampleSDID@32473 iut="3" eventSource="Application"]).
cipher_key: (string) A base64-encoded 32-byte key. If provided, the log body is encrypted using AES-256-GCM.
ca_cert: (string) PEM encoded CA certificate for verifying the server. If not provided, the backend falls back to the system's default CA certificate bundle.
client_cert: (string) PEM encoded client certificate for mTLS.
client_key: (string) PEM encoded client private key for mTLS.

note

If client_cert is provided, client_key is also required.

Behavior and Configuration​

Configuration​

Behavior and Configuration

Configuration