Creating a TCP or UDP Syslog Connection

A syslog forwarding connection to a syslog server uses either the UDP or the TCP protocol. To configure a TCP or UDP syslog connection, use the following steps:

 

1. In the Hawk Console, click the UC Configuration tab in the upper-right corner.
2. Select Domain and Agent from the dropdown list.
3. Click the Forwarders tab.
4. From the New dropdown list, select TCP(Syslog) or UDP(Syslog).

You can modify the following fields in the TCP or UDP syslog forwarding connection:

Each field is listed as Option: Description, grouped by section.

General: TCP(Syslog) or UDP(Syslog)

Connection Name: Name of the TCP(Syslog) or UDP(Syslog) connection.

Security

Authentication: Activates authenticated communication when the button is set to Yes.

Encryption: Activates encrypted communication when the button is set to Yes.

Initialize secured connection: Click to select the secure connection method from the supported formats: PEM, PKCS12, JKS.

NOTE: The security certificate must be available at the Hawk Agent. You must specify the path of the security certificate in the following fields.

Security: PEM

PEM Certificate File: Specify the path of the security certificate in *.pem format.

PEM Private Key File: Specify the path of the private key file in *.pem format.

Password: Enter the private key password.

Root CA Certificate File: Specify the path of the root CA certificate stored in *.pem format.

Security: PKCS12

PKCS12 Certificate File: Specify the path of the UC PKCS#12 certificate in *.p12 format.

Security: JKS

JKS File: Specify the path of the UC JKS certificate in *.jks format.

Password: Enter the certificate password.

Message Buffer

Buffer Size: Enter the buffer size in megabytes. (Default: 100 MB)

Forwarding

Address: Enter the IPv4 address or host name of the syslog server.

Port: Enter a port number. (Default: 514)

[TCP only] Test Connection: Test the connection between the Universal Collector microagent and the server.

Message Format

Facility: Select the facility to be applied to the log:

0 - kernel messages
1 - user-level messages
2 - mail system
3 - system daemons
4 - security/authorization messages (note 1)
5 - messages generated internally by syslog
6 - line printer subsystem
7 - network news subsystem
8 - UUCP subsystem
9 - clock daemon (note 2)
10 - security/authorization messages (note 1)
11 - FTP daemon
12 - NTP subsystem
13 - log audit (note 1)
14 - log alert (note 1)
15 - clock daemon (note 2)
16 - local use 0 (local0)
17 - local use 1 (local1)
18 - local use 2 (local2)
19 - local use 3 (local3)
20 - local use 4 (local4)
21 - local use 5 (local5)
22 - local use 6 (local6)
23 - local use 7 (local7)

Severity: Select the severity to be applied to the log:

0 - Emergency: system is unusable.
1 - Alert: action must be taken immediately.
2 - Critical: critical conditions.
3 - Error: error conditions.
4 - Warning: warning conditions.
5 - Notice: normal but significant condition.
6 - Informational: informational messages.
7 - Debug: debug-level messages.

Custom Header: Indicate the header of the message.

Advanced

[TCP only] Session timeout: Enter the session timeout (in seconds).

UC Binding interface: If there are multiple network interfaces, enter the IP address that the Universal Collector microagent uses when establishing the connection. Default: 0.0.0.0
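The Facility and Severity settings can be confirmed at the receiving end. The following is an added example, not code from the product or its documentation: it decodes the leading `<PRI>` value of a received UDP message and compares it with the configured values. It assumes the forwarder emits the standard syslog prefix (PRI = facility * 8 + severity, per RFC 3164 and RFC 5424, which this page does not state); the function names and short facility labels are chosen for this example, and the sample messages are constructed.

```python
import re
import socket

# Short labels chosen for this example; list index = code from the lists above.
FACILITIES = ["kernel", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "clock", "authpriv", "ftp", "ntp", "audit", "alert", "clock2",
              ] + [f"local{i}" for i in range(8)]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
# 1-3 digits; leading zeros are rejected, as RFC 5424 requires.
PRI_RE = re.compile(rb"^<(0|[1-9][0-9]{0,2})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity, rest) or None if the PRI is missing/invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:       # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, severity, datagram[m.end():]


def check(datagram: bytes, facility: int, severity: int) -> str:
    """Compare one received message with the forwarder's configured values."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "malformed PRI"
    if decoded[:2] != (facility, severity):
        return f"unexpected {FACILITIES[decoded[0]]}.{SEVERITIES[decoded[1]]}"
    return "ok"


def listen_and_check(sock: socket.socket, count: int, facility: int, severity: int):
    """Read `count` UDP datagrams from a bound socket and check each one."""
    return [check(sock.recvfrom(65535)[0], facility, severity) for _ in range(count)]


if __name__ == "__main__":
    # Constructed loopback demo: the client stands in for the forwarder.
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))            # ephemeral port; 514 needs privileges
    server.settimeout(2)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for msg in (b"<84>constructed: login failed", b"<14>constructed: wrong PRI",
                b"constructed: no PRI at all"):
        client.sendto(msg, server.getsockname())
    print(listen_and_check(server, 3, facility=10, severity=4))
```

To check a real forwarder, bind the socket to the address and port entered in the Forwarding section and pass the Facility and Severity codes selected in Message Format.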