Syslog Logs
LogLogic® Universal Collector reads logs sent by using the Syslog protocol. The syslog logs are collected by using TCP or UDP.
LogLogic® Universal Collector does not start up a syslog listener on the desired port until at least one syslog collector exists.
Note: If you want to use both protocols, you must define two Log Sources.
| Protocol | Description |
|---|---|
| UDP | Default configuration. It specifies that the syslog logs must be collected by using UDP protocol. When modifying the status of LogLogic® Universal Collector status (such as updating or stopping it) or when the LogLogic® Universal Collector is not running during the collection, messages might be lost. Indeed, contrary to the TCP protocol, the UDP protocol avoids the overhead of checking whether every packet actually arrived, which might lead to data loss. |
| TCP | Specify that the syslog logs must be collected by using TCP protocol. If another Syslog collector is running on the server where the LogLogic® Universal Collector is installed, the LogLogic® Universal Collector and syslog collector can not have the same port, IP and protocol. In that case, you must either stop the syslog or make the LogLogic® Universal Collector listen on another port. |
Copyright © Cloud Software Group, Inc. All rights reserved.