7 years ago
TCP Syslog?
Hey there,
Is there any chance to have syslog on the collector using a TCP port as well?
Thanks,
petr
Hey @mnagel, my understanding is that neither RFC allows for a message lacking the hostname, which is what we were seeing with lots of Cisco syslog. They seem to admit as much: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc35989
We use syslog4j under the hood to parse messages. It could not parse them out of the box, so we modified it to handle Cisco's syslog. RFC-compliant or not, we can't reasonably not support syslog for one of the largest network vendors in the world.
The Graylog project did essentially the same thing to handle Cisco and Fortinet syslog.
As for the field limitations, I need to do some more reading. I realize you have another solution, but I'd still like to improve what we have.
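
An added illustration of the hostname problem discussed in this thread (not the vendor's or syslog4j's code): a tolerant parser that accepts RFC 3164 messages as well as a hostname-less Cisco-style message, and falls back to the sender's address for the host field. The Cisco message layout, the `parse_syslog` function and the sample messages are assumptions constructed for this example.

```python
import re

# RFC 3164 shape: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)", re.S)

# Assumed hostname-less Cisco IOS shape (not taken from the thread):
# <PRI>[SEQ: ][*|.]Mmm dd hh:mm:ss[.mmm][ TZ]: %FACILITY-SEV-MNEMONIC: text
CISCO = re.compile(
    r"<(?P<pri>\d{1,3})>(?:(?P<seq>\d+): )?[*.]?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d(?:\.\d+)?)(?: [A-Z]{2,5})?: "
    r"(?P<msg>%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+: .*)", re.S)


def parse_syslog(raw: bytes, peer_ip: str) -> dict:
    """Parse one message; peer_ip is the address the collector received it from."""
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    for fmt, rx in (("cisco", CISCO), ("rfc3164", RFC3164)):
        m = rx.fullmatch(text)
        if m and int(m["pri"]) <= 191:  # PRI = facility*8 + severity, max 23*8+7
            break
    else:
        # Keep unparseable input instead of dropping it, attributed to the sender.
        return {"format": "unparsed", "host": peer_ip, "host_from_peer": True,
                "facility": None, "severity": None, "timestamp": None, "msg": text}
    pri = int(m["pri"])
    host = m.groupdict().get("host")  # the Cisco pattern has no host group
    return {
        "format": fmt,
        "host": host or peer_ip,
        "host_from_peer": host is None,  # lets downstream rules tell the two apart
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m["ts"],
        "msg": m["msg"],
    }


# Constructed sample messages (addresses are documentation ranges).
SAMPLES = [
    (b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick", "192.0.2.10"),
    (b"<189>29: *Mar  1 00:00:42.123: %SYS-5-CONFIG_I: Configured from console", "192.0.2.20"),
    (b"<999>garbage", "192.0.2.30"),
]

if __name__ == "__main__":
    for raw, peer in SAMPLES:
        print(parse_syslog(raw, peer))
```

The `host_from_peer` flag records that the host value came from the transport layer rather than the message, which matters when messages arrive through a relay or NAT.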