Creating a TCP or UDP Syslog Connection
The connection to a syslog server uses either the UDP or the TCP protocol. To configure a TCP or UDP syslog connection, follow these steps:
1. In the Hawk Console, click the UC Configuration tab in the upper-right corner.
2. Select Domain and Agent from the dropdown list.
3. Click the Forwarders tab.
4. From the New dropdown list, select TCP(Syslog) or UDP(Syslog).
You can modify the following fields in the TCP or UDP syslog forwarding connection:
| Option | Description |
| --- | --- |
| General | |
| TCP(Syslog) or UDP(Syslog) Connection Name | Name of the TCP(Syslog) or UDP(Syslog) connection. |
| Security | |
| Authentication | Activates authenticated communication when the button is set to Yes. |
| Encryption | Activates encrypted communication when the button is set to Yes. |
| Initialize secured connection | Click to select the secure connection method from the supported formats: PEM, PKCS12, JKS. NOTE: The security certificate must be available at the Hawk Agent. You must specify the path of the security certificate in the following fields. |
| PEM | |
| PEM Certificate File | Specify the path of the security certificate in *.pem format. |
| PEM Private Key File | Specify the path of the private key file in *.pem format. |
| Password | Enter the private key password. |
| Root CA Certificate File | Specify the path of the root CA certificate stored in *.pem format. |
| PKCS12 | |
| PKCS12 Certificate File | Specify the path of the UC PKCS#12 certificate in *.p12 format. |
| JKS | |
| JKS File | Specify the path of the UC JKS certificate in *.jks format. |
| Password | Enter the certificate password. |
| Message Buffer | |
| Buffer Size | Enter the buffer size in megabytes. (Default: 100 MB) |
| Forwarding | |
| Address | Enter the IPv4 address or host name of the syslog server. |
| Port | Enter a port number. (Default: 514) |
| [TCP only] Test Connection | Test the connection between the Universal Collector microagent and the server. |
| Message Format | |
| Facility | Select the facility to be applied to the log: 0 - kernel messages; 1 - user-level messages; 2 - mail system; 3 - system daemons; 4 - security/authorization messages (note 1); 5 - messages generated internally by syslog; 6 - line printer subsystem; 7 - network news subsystem; 8 - UUCP subsystem; 9 - clock daemon (note 2); 10 - security/authorization messages (note 1); 11 - FTP daemon; 12 - NTP subsystem; 13 - log audit (note 1); 14 - log alert (note 1); 15 - clock daemon (note 2); 16 - local use 0 (local0); 17 - local use 1 (local1); 18 - local use 2 (local2); 19 - local use 3 (local3); 20 - local use 4 (local4); 21 - local use 5 (local5); 22 - local use 6 (local6); 23 - local use 7 (local7) |
| Severity | Select the severity to be applied to the log: 0 - Emergency: system is unusable; 1 - Alert: action must be taken immediately; 2 - Critical: critical conditions; 3 - Error: error conditions; 4 - Warning: warning conditions; 5 - Notice: normal but significant condition; 6 - Informational: informational messages; 7 - Debug: debug-level messages |
| Custom Header | Indicate the header of the message. |
| Advanced | |
| [TCP only] Session timeout | Enter the session timeout (in seconds). |
| UC Binding interface | If there are multiple network interfaces, enter the IP address that the Universal Collector microagent uses when establishing the connection. Default: 0.0.0.0 |
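
A receiver-side check for the Facility and Severity options, as an added example that is not part of the product documentation: it decodes the priority value at the start of each received line and reports lines that do not carry the expected pair. It assumes forwarded messages begin with the standard syslog `<PRI>` field (PRI = facility × 8 + severity), which this page does not state; the function names and sample lines are constructed.

```python
import re

# Names for some of the facility codes listed under the Facility option;
# any code 0-23 decodes, unnamed ones are shown as "facility-N".
FACILITIES = {0: "kernel", 1: "user", 4: "auth", 10: "authpriv", 13: "audit",
              **{16 + i: f"local{i}" for i in range(8)}}
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

_PRI = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from a leading <PRI>, or None if invalid."""
    m = _PRI.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:          # 23 * 8 + 7 is the largest valid value
        return None
    return divmod(pri, 8)  # PRI = facility * 8 + severity

def describe(facility, severity):
    name = FACILITIES.get(facility, f"facility-{facility}")
    return f"{name}.{SEVERITIES[severity]}"

def audit(lines, want_facility, want_severity):
    """Return (line_number, reason) for every line that does not match."""
    problems = []
    for n, line in enumerate(lines, 1):
        decoded = decode_pri(line)
        if decoded is None:
            problems.append((n, "missing or invalid PRI"))
        elif decoded != (want_facility, want_severity):
            problems.append((n, f"got {describe(*decoded)}, expected "
                                f"{describe(want_facility, want_severity)}"))
    return problems

# Constructed sample lines, not captured from a real collector.
SAMPLE = [
    "<134>Oct 11 22:14:15 host1 app: forwarded event",   # local0.Informational
    "<38>Oct 11 22:14:16 host1 sshd: session opened",    # auth.Informational
    "Oct 11 22:14:17 host1 app: header without PRI",
    "<999>Oct 11 22:14:18 host1 app: out of range",
]

if __name__ == "__main__":
    for n, reason in audit(SAMPLE, want_facility=16, want_severity=6):
        print(f"line {n}: {reason}")
```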