The sumologic-http() and sumologic-syslog() destinations have the following options.
The sumologic-http() destination supports all HTTP destination options.
In addition, the sumologic-http() destination also has the following options.
Accepted values: | Directory name |
Default: | none |
Description: The name of a directory that contains a set of trusted CA certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject's name. This naming can be created using the c_rehash utility in openssl. For an example, see Configuring TLS on the syslog-ng clients. The syslog-ng OSE application uses the CA certificates in this directory to validate the certificate of the peer.
This option can be used together with the optional ca-file() option.
Accepted values: | File name |
Default: | empty |
Description: Optional. The name of a file that contains a set of trusted CA certificates in PEM format. The syslog-ng OSE application uses the CA certificates in this file to validate the certificate of the peer.
Example format in configuration:
ca-file("/etc/pki/tls/certs/ca-bundle.crt")
NOTE: The ca-file() option can be used together with the ca-dir() option, and it is relevant when peer-verify() is set to other than no or optional-untrusted.
Type: | string |
Default: | empty |
Description: The Cloud Syslog Cloud Token that you received from the Sumo Logic service while configuring your cloud syslog source.
For details on the option in the destination's declaration, see .
Type: | string |
Default: | empty string |
Description: Required. This option specifies your Sumo Logic deployment.
For details on the deployment() option in the sumologic-http() destination's declaration, see .
For details on the deployment() option in the sumologic-syslog() destination's declaration, see .
Type: | string list |
Default: | empty |
Description: Custom HTTP headers to include in the request, for example, headers("HEADER1: header1", "HEADER2: header2"). If not set, only the default headers are included, but no custom headers.
The following headers are included by default:
X-Syslog-Host: <host>
X-Syslog-Program: <program>
X-Syslog-Facility: <facility>
X-Syslog-Level: <loglevel/priority>
NOTE: The headers() option is a required option for the sumologic-http() destination.
Type: | tls options |
Default: | n/a |
Description: Required option. This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with tcp-based transport protocols. For details, see TLS options.
The sumologic-syslog() destination supports all network() destination options.
In addition, the sumologic-syslog() destination also has the following options.
Accepted values: | Directory name |
Default: | none |
Description: The name of a directory that contains a set of trusted CA certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject's name. This naming can be created using the c_rehash utility in openssl. For an example, see Configuring TLS on the syslog-ng clients. The syslog-ng OSE application uses the CA certificates in this directory to validate the certificate of the peer.
This option can be used together with the optional ca-file() option.
Accepted values: | File name |
Default: | empty |
Description: Optional. The name of a file that contains a set of trusted CA certificates in PEM format. The syslog-ng OSE application uses the CA certificates in this file to validate the certificate of the peer.
Example format in configuration:
ca-file("/etc/pki/tls/certs/ca-bundle.crt")
NOTE: The ca-file() option can be used together with the ca-dir() option, and it is relevant when peer-verify() is set to other than no or optional-untrusted.
Type: | string |
Default: | empty string |
Description: Required. This option specifies your Sumo Logic deployment.
For details on the deployment() option in the sumologic-http() destination's declaration, see .
For details on the deployment() option in the sumologic-syslog() destination's declaration, see .
Type: | number |
Default: | 6514 |
Description: Optional. This option sets the port number of the Sumo Logic server to connect to.
Type: | string list |
Default: | "tag" |
Description: Optional. This option specifies the list of tags to add as the tags fields of Sumo Logic messages. If not specified, syslog-ng OSE automatically adds the tags already assigned to the message. If you set the tag() option, only the tags you specify will be added to the messages.
Type: | tls options |
Default: | n/a |
Description: Required option. This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with tcp-based transport protocols. For details, see TLS options.
Type: | string |
Default: |
Description: Required option. The Cloud Syslog Cloud Token that you received from the Sumo Logic service while configuring your cloud syslog source.
The syslog() driver sends messages to a remote host (for example, a syslog-ng server or relay) on the local intranet or internet using the new standard syslog protocol developed by IETF (for details about the new protocol, see IETF-syslog messages). The protocol supports sending messages using the UDP, TCP, or the encrypted TLS networking protocols.
The required arguments of the driver are the address of the destination host (where messages should be sent). The transport method (networking protocol) is optional, syslog-ng uses the TCP protocol by default. For the list of available optional parameters, see syslog() destination options.
syslog(host transport [options]);
NOTE: Note that the syslog destination driver has required parameters, while the source driver defaults to the local bind address, and every parameter is optional.
The udp transport method automatically sends multicast packets if a multicast destination address is specified. The tcp and tls methods do not support multicasting.
NOTE: The default ports for the different transport protocols are as follows: UDP — 514, TCP — 601, TLS — 6514.
destination d_tcp { syslog("10.1.2.3" transport("tcp") port(1999) localport(999)); };
If name resolution is configured, the hostname of the target server can be used as well.
destination d_tcp { syslog("target_host" transport("tcp") port(1999) localport(999)); };
Send the log messages using TLS encryption and use mutual authentication. For details on the encryption and authentication options, see TLS options.
destination d_syslog_tls { syslog("10.100.20.40" transport("tls") port(6514) tls(peer-verify(required-trusted) ca-dir('/opt/syslog-ng/etc/syslog-ng/keys/ca.d/') key-file('/opt/syslog-ng/etc/syslog-ng/keys/client_key.pem') cert-file('/opt/syslog-ng/etc/syslog-ng/keys/client_certificate.pem') ) ); };
NOTE: If a message uses the IETF-syslog format (RFC5424), only the text of the message can be customized (that is, the $MESSAGE part of the log), the structure of the header is fixed.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center