Syslog-NG

Configure Syslog-NG Log Source with observIQ

Prerequisites

It may be necessary to add an inbound firewall rule.
For Windows:

  • Navigate to Windows Firewall Advanced Settings, and then Inbound Rules
  • Create a new rule and set the Rule Type to "Port"
  • For Protocol and Ports, select "UDP" and a specific local port of 514
  • For Action, select "Allow the connection"
  • For Profile, apply to "Domain", "Private", and "Public"
  • Set a name that makes the rule easy to identify, such as "Allow Syslog Inbound Connections to 514 UDP"

Configuration

Collect from syslog-ng log streams. Both TCP and UDP are supported.

| Option | Description |
| --- | --- |
| Listen Address | Use this field to verify the path to the Listen Address, given as an address and port separated by ':'. This needs to be an available port on the agent's host. The default is '0.0.0.0:514'. |
| Connection Type | Choose your syslog connection type: 'udp' or 'tcp'. |
| Protocol | Choose the protocol of received syslog messages: 'rfc3164' or 'rfc5424'. |
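
To decide which Protocol value matches what your syslog-ng host actually sends, you can inspect a few received lines. The following is an added example, not part of the observIQ documentation or plugin; the function names and the sample messages are constructed for illustration.

```python
import re
from collections import Counter

# RFC 5424 header: <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP ...
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>[1-9]\d{0,2} (?:-|\d{4}-\S+) (?P<host>\S+) ")
# RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss HOSTNAME SP ...
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) ")


def classify(line):
    """Return (protocol, facility, severity, host) for one received message."""
    if isinstance(line, bytes):
        line = line.decode("utf-8", errors="replace")
    for name, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = pattern.match(line)
        if m is None:
            continue
        pri = int(m.group("pri"))
        if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
            break
        return name, pri >> 3, pri & 7, m.group("host")
    return "unknown", None, None, None


def recommend(lines):
    """Return the Protocol value matching most lines, or None if none parse."""
    counts = Counter(classify(l)[0] for l in lines)
    counts.pop("unknown", None)
    return counts.most_common(1)[0][0] if counts else None


# Constructed sample messages (not captured from a real host)
SAMPLES = [
    "<13>Feb  5 17:32:18 web01 sshd[412]: session opened",
    "<86>Feb 15 09:01:44 web01 sudo: session closed",
    "<30>1 2024-02-05T17:32:18Z web01 cron 977 - - job finished",
    "not a syslog line",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "<-", s)
    print("Protocol setting:", recommend(SAMPLES))
```

A mix of both formats or a high count of "unknown" lines suggests that the sender's output format and the Protocol option are out of step, which would leave messages unparsed.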

Log Types

Types

syslogng

Dashboards

Users can configure dashboards using visualizations. More information can be found on our visualizations and dashboards page.

Advanced

For more information on the advanced configuration capabilities, see our detailed plugin guide here.