To get data over HTTP/S, configure an HTTP/S Listener account:

  1. Go to Manager > Administration > Listeners. The Listeners management console opens.
  2. Add HTTP account. For each account, the following should be configured:
    1. Name: the name of the Listener account
    2. Description: the description of the Listener account
    3. Listening Node: the node in the cluster which will listen to the HTTP messages (appears only if a XpoLog cluster is deployed)
    4. Token: a unique token that is identified with this listener and must be included in the URL used when forwarding data to this account. The token ensures only permitted devices send data and also tags the sent data to the desired HTTP/S listener in XpoLog
    5. URL: the URL that devices that forward data to XpoLog should use - including the IP address/Hostname, port, path and token (in case of a cluster - the URL gets populated when selecting a Listening Node)
       
    6. Advanced Settings:

      General Information:
      Enabled: determine whether this account is enabled or not
      Listening Interface: the network interface (IP address) on which the XpoLog listener instance is listening

      Dynamic Log Creation Configuration:

      Parent Folder: the parent folder under which all logs from this listener will be placed in the XpoLog Folders and Logs tree

      Collection Policy: the collection policy which will be associated to all logs from this listener (used mainly for storage location and data retention)
      Log Name Prefix: a prefix which will be added to any of the logs from this listener (used to easily distinguish between the logs of multiple listener accounts)
      Split by Source Device: check to create a log for each unique source device value in the received Syslog messages (a log will be created per device with its associated events)
      Split by Facilities: check to create a log for each unique facility value in the received Syslog messages
      JSON columns:

      Listener Data:
      Listener Data Location: the location where data will be stored; by default XpoLog stores it in its data directory
      Indexing Node: the node in the cluster which will index the received Syslog messages (appears only if a XpoLog cluster is deployed)
      Indexing Interval: the frequency at which received Syslog messages are indexed


      JSON Parsing:
      JSON Parsing Level: set the maximum depth in the JSON object for which data will be extracted into columns
  3. Save the account.
  4. Data received from the HTTP/S listener account will be created under the configured parent folder and will be available for searching, reporting and alerting.
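
The effect of JSON Parsing Level on which fields become searchable columns, as an added Python example that is not XpoLog code. The dotted column names, the handling of objects below the depth limit, and the sample event are assumptions made for illustration.

```python
import json

# Constructed sample event (not from the page): a nested JSON record such as
# a cloud audit log forwarded to the HTTP/S listener.
SAMPLE_EVENT = json.loads("""
{
  "eventName": "ConsoleLogin",
  "sourceIP": "203.0.113.7",
  "user": {
    "name": "alice",
    "session": {"mfa": false, "issuer": {"type": "saml"}}
  }
}
""")


def extract_columns(obj, max_depth, prefix="", depth=1):
    """Flatten a JSON object into column -> value pairs down to max_depth.

    Assumption: keys are joined with '.', and any object still nested at the
    depth limit is kept as one JSON string instead of separate columns.
    """
    columns = {}
    for key, value in obj.items():
        name = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict) and depth < max_depth:
            columns.update(extract_columns(value, max_depth, name, depth + 1))
        elif isinstance(value, (dict, list)):
            columns[name] = json.dumps(value, sort_keys=True)
        else:
            columns[name] = value
    return columns


def missing_columns(event, max_depth, required):
    """Return the required column names that a given level does not produce."""
    return sorted(set(required) - set(extract_columns(event, max_depth)))


if __name__ == "__main__":
    # Show the column set produced at each parsing level.
    for level in (1, 2, 3):
        print(level, extract_columns(SAMPLE_EVENT, level))
```

Running `missing_columns` against the fields your alerts and searches depend on is a quick way to check a candidate parsing level before saving the account.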
