The Secure Syslog endpoint allows you to send syslog data to Axiom over a secure connection. With the Secure Syslog endpoint, the logs you send to Axiom are encrypted using SSL/TLS.

Syslog is an outdated protocol from the 1980s. Some of the limitations are the following:

  • Lack of error reporting and feedback mechanisms when issues occur.
  • Inability to gracefully terminate the connection. This can result in missing data.

For a more reliable and modern logging experience, consider using tools like Vector to receive syslog messages and forward them to Axiom. This approach bypasses many of syslog’s limitations.

Prerequisites

Configure endpoint in Axiom

  1. Click Settings icon Settings > Endpoints.
  2. Click New endpoint.
  3. Click .
  4. Name the endpoint.
  5. Select the dataset where you want to send data.
  6. Copy the URL displayed for the newly created endpoint. This is the target URL where you send the data.

Configure syslog client

  1. Ensure the syslog client meets the following requirements:
    • Message size limit: Axiom currently enforces a 64KB per-message size limit. This is in line with RFC5425 guidelines. Any message exceeding the limit causes the connection to close because Axiom doesn’t support ingesting truncated messages.
    • TLS requirement: Axiom only supports syslog over TLS, specifically following RFC5425. Ensure you have certificate authority certificates installed in your environment to validate Axiom’s SSL certificate. For example, on Ubuntu/Debian systems, install the ca-certificates package. For more information, see the RFC Series documentation.
    • Port requirements: TCP log messages are sent on TCP port 6514.
  2. Configure your syslog client to connect to Axiom. Use the target URL for the endpoint you have generated in Axiom by following the procedure above. For example, https://opbizplsf8klnw.ingress.axiom.co. Consider this URL as secret information because syslog doesn’t support additional authentication such as API tokens.

Troubleshooting

Ensure your messages conform to the size limit and TLS requirements. If the connection is frequently re-established and messages are rejected, the issue can be the size of the messages or other formatting issues.

The Secure Syslog endpoint allows you to send syslog data to Axiom over a secure connection. With the Secure Syslog endpoint, the logs you send to Axiom are encrypted using SSL/TLS.

Syslog is an outdated protocol from the 1980s. Some of the limitations are the following:

  • Lack of error reporting and feedback mechanisms when issues occur.
  • Inability to gracefully terminate the connection. This can result in missing data.

For a more reliable and modern logging experience, consider using tools like Vector to receive syslog messages and forward them to Axiom. This approach bypasses many of syslog’s limitations.

Prerequisites

Configure endpoint in Axiom

  1. Click Settings icon Settings > Endpoints.
  2. Click New endpoint.
  3. Click .
  4. Name the endpoint.
  5. Select the dataset where you want to send data.
  6. Copy the URL displayed for the newly created endpoint. This is the target URL where you send the data.

Configure syslog client

  1. Ensure the syslog client meets the following requirements:
    • Message size limit: Axiom currently enforces a 64KB per-message size limit. This is in line with RFC5425 guidelines. Any message exceeding the limit causes the connection to close because Axiom doesn’t support ingesting truncated messages.
    • TLS requirement: Axiom only supports syslog over TLS, specifically following RFC5425. Ensure you have certificate authority certificates installed in your environment to validate Axiom’s SSL certificate. For example, on Ubuntu/Debian systems, install the ca-certificates package. For more information, see the RFC Series documentation.
    • Port requirements: TCP log messages are sent on TCP port 6514.
  2. Configure your syslog client to connect to Axiom. Use the target URL for the endpoint you have generated in Axiom by following the procedure above. For example, https://opbizplsf8klnw.ingress.axiom.co. Consider this URL as secret information because syslog doesn’t support additional authentication such as API tokens.

Troubleshooting

Ensure your messages conform to the size limit and TLS requirements. If the connection is frequently re-established and messages are rejected, the issue can be the size of the messages or other formatting issues.