Syslog

Linux

✓

Windows

✓

macOS

✓

Kubernetes Gateway

✓

OpenShift Gateway

✓

protocol*

enum

"rfc3164"

The RFC protocol to use when parsing incoming syslog. Valid values are rfc3164 or rfc5424.

connection_type

enum

udp

The transport protocol to use. Valid values are udp or tcp.

data_flow

enum

high

Enable high flow or reduced low flow.

listen_port*

int

5140

The port to bind to and receive syslog. Collector must be running as root (Linux) or Administrator (windows) when binding to a port below 1024.

listen_ip*

string

"0.0.0.0"

The IP address to bind to and receive syslog.

timezone

enum

UTC

RFC3164 only. The timezone to use when parsing timestamps.

enable_octet_counting

bool

false

Whether or not to parse using a trailer character. This is a special character that will be the termination character for syslog messages. This is only applicable to tcp and rfc5424 configurations.

non_transparent_framing_trailer

enum

LF

Whether or not to enable octet counting on syslog framing. This framing allows for the transmission of all characters inside a syslog message. This is only applicable to tcp and rfc5424 configurations.

enable_mutual_tls

bool

false

Whether or not to use mutual TLS.

cert_file

string

Path to the TLS cert to use for TLS-required connections.

key_file

string

Path to the TLS key to use for TLS-required connections.

ca_file

string

When set, enforces mutual TLS authentication and verifies client certificates.

tls_min_version

enum

"1.2"

The minimum TLS version to support. 1.0 and 1.1 should not be considered secure.

max_log_size

string

"1Mib"

When using tcp, the maximum size of a log entry to read. A log entry will be truncated if it is larger than max_log_size. Protects against reading large amounts of data into memory.

async_readers

int

1

When using udp, determines how many workers read from UDP port and push to buffer. Generally this value should remain at 1 unless otherwise directed by Bindplane support.

async_processors

int

3

When using udp, determines how many workers read from buffer (pushed by readers) and process logs before sending downstream. Increasing this value can be useful when the collector is under significant load.

max_queue_length

int

100

When using udp, determines size of buffer being used by async reader workers. When buffer reaches max number, reader workers will block until buffer has room. Increasing this value can be useful if you anticipate short durations of increased log volume. Generally, you should increase async_processors before increasing this value.