# Syslog ### Supported Platforms | Platform | Metrics | Logs | Traces | | ------------------ | ------- | ---- | ------ | | Linux | | ✓ | | | Windows | | ✓ | | | macOS | | ✓ | | | Kubernetes Gateway | | ✓ | | | OpenShift Gateway | | ✓ | | ### Configuration Table

Parameter	Type	Default	Description
protocol*	`enum`	"rfc3164"	The RFC protocol to use when parsing incoming syslog. Valid values are `rfc3164` or `rfc5424`.
connection_type	`enum`	udp	The transport protocol to use. Valid values are `udp` or `tcp`.
data_flow	`enum`	high	Enable high flow or reduced low flow.
listen_port*	`int`	5140	The port to bind to and receive syslog. Collector must be running as root (Linux) or Administrator (windows) when binding to a port below 1024.
listen_ip*	`string`	"0.0.0.0"	The IP address to bind to and receive syslog.
timezone	`enum`	UTC	RFC3164 only. The timezone to use when parsing timestamps.
enable_octet_counting	`bool`	false	Whether or not to parse using a trailer character. This is a special character that will be the termination character for syslog messages. This is only applicable to `tcp` and `rfc5424` configurations.
non_transparent_framing_trailer	`enum`	LF	Whether or not to enable octet counting on syslog framing. This framing allows for the transmission of all characters inside a syslog message. This is only applicable to `tcp` and `rfc5424` configurations.
enable_mutual_tls	`bool`	false	Whether or not to use mutual TLS.
cert_file	`string`		Path to the TLS cert to use for TLS-required connections.
key_file	`string`		Path to the TLS key to use for TLS-required connections.
ca_file	`string`		When set, enforces mutual TLS authentication and verifies client certificates.
tls_min_version	`enum`	"1.2"	The minimum TLS version to support. 1.0 and 1.1 should not be considered secure.
max_log_size	`string`	"1Mib"	When using `tcp`, the maximum size of a log entry to read. A log entry will be truncated if it is larger than max_log_size. Protects against reading large amounts of data into memory.
async_readers	`int`	1	When using `udp`, determines how many workers read from UDP port and push to buffer. Generally this value should remain at `1` unless otherwise directed by Bindplane support.
async_processors	`int`	3	When using `udp`, determines how many workers read from buffer (pushed by readers) and process logs before sending downstream. Increasing this value can be useful when the collector is under significant load.
max_queue_length	`int`	100	When using `udp`, determines size of buffer being used by async reader workers. When buffer reaches max number, reader workers will block until buffer has room. Increasing this value can be useful if you anticipate short durations of increased log volume. Generally, you should increase `async_processors` before increasing this value.

\**required field* ### Kubernetes When using this source with Kubernetes or OpenShift, you must create a custom Service resource to\ route traffic to the collector. See the Kubernetes [Service](/deployment/kubernetes/collector/custom-service.md) for more information. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bindplane.com/integrations/sources/syslog.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.