Configuring an HTTP/S Listener Account

To receive data over HTTP/S, configure an HTTP/S Listener account by following these steps:

Step 1: Access the Listener Management Console

  1. Navigate to Manager > Data > Listen to Data in the left panel.

  2. The Listener management console opens.

Step 2: Add a New HTTP/S Listener Account

For each new HTTP/S account, configure the following details:

Basic Configuration

  • Name: Define a unique name for the Listener account.

  • Description: Provide a description for better identification.

  • Listening Node: Specify the node in the cluster that will receive HTTP messages (visible only if an XPLG cluster is deployed).

  • Token: Assign a unique token required for authentication in the request URL. This ensures only authorized devices send data and correctly tags the logs.

  • URL: Specify the URL that devices should use when sending data, including the IP address/hostname, port, path, and token. If using a cluster, the URL is populated upon selecting a Listening Node.

Step 3: Configure Advanced Settings

General Information

  • Enabled: Determine whether the account is active.

Dynamic Log Creation Configuration

(Optional) Configure how logs are created dynamically. Leave settings as default to receive data as is, or use agent configuration to structure log delivery.

  • Parent Folder: Define the folder where logs from this listener will be stored within XPLG.

  • Collection Policy: Assign a collection policy for managing storage and data retention.

  • AppTags: Associate AppTags for data enrichment and categorization.

  • Log Name Prefix: Add a prefix to log names to distinguish logs from multiple listener accounts. Leave empty for no prefix.

  • Split by Source Device: Create separate logs per unique source device based on received messages.

    • Do Not Split: Default setting; stores all incoming data in a single log.

    • Create Log by Unique IP/Host Name: Splits logs based on the source sending the data (Log_Name_Prefix Source_IP/Name).

    • Create Log by IP Mask: Splits logs based on a configured IP mask (Log_Name_Prefix IP_Mask).

  • Message JSON Key: Specifies which JSON field contains the log message. This is necessary when matching a template in XPLG.

  • Split by JSON Columns: Define a list of JSON keys separated by -> to specify log paths and names. Append * to denote the host.

Advanced Dynamic Log Creation Configuration

XPLG can dynamically organize incoming logs based on predefined JSON keys found in log messages:

  • xpologPath: Folder path (-> separated) where logs should be stored.

  • xpologName: Log name in XPLG (appended if another split type is selected).

  • xpologType: Log type; if a matching template exists in XPLG, it will automatically apply it (must be used in conjunction with Message JSON Key).

Step 4: Configure Listener Data Settings

  • Listener Data Location: Define where received data will be stored (default: XPLG data directory).

  • Indexing Node: Select the node responsible for indexing received Syslog messages (only applicable in an XPLG cluster).

  • Indexing Interval: Set the frequency for indexing received Syslog messages.

Step 5: Configure JSON Parsing

  • JSON Parsing Level: Set the maximum depth for extracting JSON data into structured columns.

Step 6: Save and Finalize the Listener Account

Once the configuration is complete, save the Listener account.

Data Processing and Availability

All data received through the HTTP/S Listener account will be stored under the configured parent folder. It will be available for search, reporting, and alerting within XPLG.

__________

How to send data to XPLG

Clients can send JSON-formatted log data to the designated endpoint, which responds with standard HTTP status codes.

Endpoint URL

Code Block
https://XPLG_MACHINE_NAME:XPLG_HTTPS_PORT/logeye/api/logger.jsp

Authentication

Each request must include a valid token as a query parameter.

Code Block
?token=XPLG_LISTENER_TOKEN

Request Format

  • Method: POST

  • Headers:

    • Content-Type: application/json

  • Body (JSON):

Code Block
{
  "message": "Your log message here"
}

Example Request Using curl:

Code Block
curl -X POST "https://XPLG_MACHINE_NAME:XPLG_HTTPS_PORT/logeye/api/logger.jsp?token=XPLG_LISTENER_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{"message": "Your message to LogEye here"}'

Example Response Codes

  • 200 OK - Log message received successfully.

  • 400 Bad Request - Invalid request format or missing parameters.

  • 500 Internal Server Error - Server encountered an error processing the request.

Security Considerations

  • Ensure XPLG_MACHINE_NAME resolves correctly in your network and that the port XPLG_HTTPS_PORT is open to allow traffic to go through.

  • Use a valid authentication token to avoid unauthorized access.

  • Secure communication via HTTPS is highly recommended to protect data in transit.
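
Because the listener token travels in the URL query string, a sending client should URL-encode it, use HTTPS with certificate verification, and mask it before the URL reaches any client-side log. The following is an added example, not XPLG's own code, that also sets the xpologPath, xpologName and xpologType keys described under Advanced Dynamic Log Creation Configuration. The host name, port, token and function names are constructed for illustration, and placing the routing keys at the top level of the JSON body is an assumption.

```python
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request

LOGGER_PATH = "/logeye/api/logger.jsp"  # endpoint path given on this page


def build_request(host, port, token, message, path=None, name=None, log_type=None):
    """Build the HTTPS POST. Assumption: xpolog* keys sit at the top level of the JSON."""
    body = {"message": message}
    if path:
        body["xpologPath"] = "->".join(path)  # folder path, "->" separated
    if name:
        body["xpologName"] = name
    if log_type:
        body["xpologType"] = log_type
    query = urllib.parse.urlencode({"token": token})  # escapes &, spaces, etc.
    return urllib.request.Request(
        f"https://{host}:{port}{LOGGER_PATH}?{query}",  # HTTPS only, never http://
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def redact_token(url):
    """Mask the token value so the URL can be written to client logs."""
    parts = urllib.parse.urlsplit(url)
    pairs = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k == "token" else v) for k, v in pairs]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(masked)))


def send(request, timeout=10):
    """POST with certificate and hostname verification; return the HTTP status."""
    context = ssl.create_default_context()  # verification is on by default
    try:
        with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. 400 or 500 from the listener


if __name__ == "__main__":  # constructed sample values; nothing is sent here
    req = build_request("xplg.example.internal", 30443, "CONSTRUCTED-TOKEN",
                        "login failed for user alice", path=["prod", "auth"], name="sshd")
    print(req.get_method(), redact_token(req.full_url), req.data.decode())
```

Web servers and proxies in front of the listener commonly record full request URLs, so access to those logs should be restricted in the same way as the token itself.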