Syslog over HTTP
Description
You can send Syslog events and data to Mezmo Pipelines through an HTTP endpoint.
The default syslog port is not available because plain syslog has no inherent security. Forwarding syslog over HTTP with TLS is now common practice, since it protects events from packet sniffing and plain-text transmission.
Configuration
Use the standard HTTP endpoint for the configuration. Ensure that the encoding matches the configuration of your source.
You must use a discrete parsing processor after the source in order to properly ingest the data and make it accessible to subsequent processors in a pipeline.
This example rsyslog configuration uses a defined template so that the API key can be included with the omhttp output module, documented here.
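```
# Load the HTTP output module.
module(load="omhttp")
# JSON body emitted for each event.
template(name="tpl1" type="string" string="{\"type\":\"syslog\", \"host\":\"%HOSTNAME%\"}")
# Forward events to the endpoint on port 443; the Authorization header carries the API key.
action(
    type="omhttp"
    server="pipeline.app.mezmo.com"
    serverport="443"
    httpheaders=[
        "Authorization: <TOKEN>"
    ]
    template="tpl1"
    action.resumeRetryCount="100"
    batch="on"
    batch.format="jsonarray"
    batch.maxsize="10"
)
```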
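An added example, not part of the Mezmo or rsyslog documentation: a Python check that audits the omhttp actions in an rsyslog config for settings that would undo the TLS protection described above or leave the API key unset. It assumes each action's closing parenthesis sits on its own line, as in the example; the sample config and finding codes are constructed, and `usehttps`, `allowunsignedcerts` and `skipverifyhost` are omhttp parameters that this page does not show.

```python
import re

# Constructed sample: the page's omhttp action with three weak settings added.
SAMPLE = '''
action(
    type="omhttp"
    server="pipeline.app.mezmo.com"
    serverport="80"
    usehttps="off"
    skipverifyhost="on"
    httpheaders=[
        "Authorization: <TOKEN>"
    ]
    template="tpl1"
)
'''

# Assumption: the closing ")" of each action is on its own line.
ACTION_RE = re.compile(r'^\s*action\s*\((.*?)^\s*\)', re.S | re.M)
PARAM_RE = re.compile(r'([\w.]+)\s*=\s*"((?:[^"\\]|\\.)*)"')
HEADERS_RE = re.compile(r'httpheaders\s*=\s*\[(.*?)\]', re.S | re.I)
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

def audit(conf):
    """Return (code, detail) findings for every omhttp action in an rsyslog config."""
    findings = []
    for block in ACTION_RE.findall(conf):
        p = {k.lower(): v.lower() for k, v in PARAM_RE.findall(block)}
        if p.get("type") != "omhttp":
            continue
        m = HEADERS_RE.search(block)
        headers = STRING_RE.findall(m.group(1)) if m else []
        auth = [h for h in headers if h.lower().startswith("authorization:")]
        # omhttp defaults: usehttps=on, serverport=443, certificate checks enabled.
        if p.get("usehttps", "on") == "off":
            findings.append(("plaintext", "usehttps is off; events and API key are sent unencrypted"))
        if p.get("serverport", "443") != "443":
            findings.append(("port", "serverport is %s; the page's example uses 443" % p["serverport"]))
        for knob in ("allowunsignedcerts", "skipverifyhost"):
            if p.get(knob, "off") == "on":
                findings.append(("tls-verify", knob + " is on; server certificate checks are weakened"))
        if not auth:
            findings.append(("no-auth", "no Authorization header in httpheaders"))
        elif any("<TOKEN>" in h for h in auth):
            findings.append(("placeholder", "Authorization still holds the <TOKEN> placeholder"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code + ": " + detail)
```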
| Option | Description |
|---|---|
| Decoding Method | The decoding method to use to convert frames to data events. |