Syslog-tls Source

Example
```yaml
sources:
  MySourceName:
    type: syslog_tls
    certificateFile: cert.pem
    keyFile: privkey.pem
    maxEventSize: 1048576
    receiveBufferSize: 16777216
    strict: false

    port: 6514
    bind: "127.0.0.1"
    clientAuthentication:
      type: fingerprint
      fingerprints:
        - sha-1:bf:88:e7:9e:58:04:d6:85:e6:06:2e:e0:de:d1:3c:44:cd:33:b6:ba
        - sha-256:89:83:8E:56:61:EC:D4:BF:ED:DA:88:2B:A4:8A:27:25:EF:B5:39:F9:5E:59:2D:CA:38:AC:51:8D:C6:7C:D9:59
    tls:
      minVersion: 1_2
      maxVersion: 1_3
      ciphers:
        - TLS_RSA_WITH_AES_128_CBC_SHA
        - TLS_RSA_WITH_AES_256_CBC_SHA
        - TLS_RSA_WITH_AES_128_GCM_SHA256
        - TLS_RSA_WITH_AES_256_GCM_SHA384
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

    sink: logscale
sinks:
  logscale:
    type: logscale
    token: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    url: https://XXX.YYY.ZZZ
    maxEventSize: 1048576
```

Introduction

This configuration demonstrates how to securely collect syslog data over TLS using a LogScale sink. It ensures encrypted communication with certificate-based authentication and customizable event handling.

Step-by-Step
  1. ```yaml
     sources:
       MySourceName:
         type: syslog_tls
         certificateFile: cert.pem
         keyFile: privkey.pem
     ```

     This fragment defines a Syslog TLS source named MySourceName, which includes the required certificate and private key files.

  2. ```yaml
     maxEventSize: 1048576
     receiveBufferSize: 16777216
     strict: false
     ```

     This fragment defines the buffer sizes and the strict event-framing behaviour for the Syslog TLS source.

  3. ```yaml
     port: 6514
     bind: "127.0.0.1"
     ```

     This fragment specifies the network port and the interface binding for the Syslog TLS listener.

  4. ```yaml
     clientAuthentication:
       type: fingerprint
       fingerprints:
         - sha-1:bf:88:e7:9e:58:04:d6:85:e6:06:2e:e0:de:d1:3c:44:cd:33:b6:ba
         - sha-256:89:83:8E:56:61:EC:D4:BF:ED:DA:88:2B:A4:8A:27:25:EF:B5:39:F9:5E:59:2D:CA:38:AC:51:8D:C6:7C:D9:59
     ```

     This fragment validates clients by matching their certificates against the listed sha-1 and sha-256 fingerprints.

  5. ```yaml
     tls:
       minVersion: 1_2
       maxVersion: 1_3
       ciphers:
         - TLS_RSA_WITH_AES_128_CBC_SHA
         - TLS_RSA_WITH_AES_256_CBC_SHA
         - TLS_RSA_WITH_AES_128_GCM_SHA256
         - TLS_RSA_WITH_AES_256_GCM_SHA384
         - TLS_AES_128_GCM_SHA256
         - TLS_AES_256_GCM_SHA384
         - TLS_CHACHA20_POLY1305_SHA256
         - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
         - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
         - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
         - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
         - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
         - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
         - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
         - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
         - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
         - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

     sink: logscale
     ```

     This fragment defines the TLS security settings, such as version limits and supported cipher suites. The final line routes the source's events to the sink named logscale.

  6. ```yaml
     sinks:
       logscale:
         type: logscale
         token: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
         url: https://XXX.YYY.ZZZ
         maxEventSize: 1048576
     ```

     This fragment defines a LogScale sink for TLS-based syslog input. It includes the ingest token, target URL, and max event size configuration.

  7. Event Result set.
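
The cipher and fingerprint lists in steps 4 and 5 can be reviewed before deployment. The following is an added example, not part of the original page or of the LogScale Collector: it flags suites from the page's list that use static RSA key exchange or CBC mode, and fingerprint pins that use SHA-1 or are malformed. The function names and finding texts are this example's own.

```python
# Cipher and fingerprint values copied from the example configuration on this
# page; the function names and finding texts are this example's own.
CIPHERS = """
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
""".split()
FINGERPRINTS = [
    "sha-1:bf:88:e7:9e:58:04:d6:85:e6:06:2e:e0:de:d1:3c:44:cd:33:b6:ba",
    "sha-256:89:83:8E:56:61:EC:D4:BF:ED:DA:88:2B:A4:8A:27:25:"
    "EF:B5:39:F9:5E:59:2D:CA:38:AC:51:8D:C6:7C:D9:59",
]
DIGEST_HEX_LEN = {"sha-1": 40, "sha-256": 64}

def cipher_findings(name):
    """Return the findings for one IANA cipher-suite name."""
    prefix, sep, cipher = name.partition("_WITH_")
    if not sep:
        return []  # TLS 1.3 name (no _WITH_ part): AEAD-only suites
    findings = []
    if prefix == "TLS_RSA":
        findings.append("static RSA key exchange: no forward secrecy")
    if "_CBC_" in cipher:
        findings.append("CBC mode: MAC-then-encrypt, not AEAD")
    return findings

def fingerprint_findings(entry):
    """Return the findings for one 'algorithm:aa:bb:...' pin from the config."""
    algorithm, _, digest = entry.lower().partition(":")
    digest = digest.replace(":", "")
    if algorithm not in DIGEST_HEX_LEN:
        return [f"unknown algorithm {algorithm!r}"]
    findings = []
    if len(digest) != DIGEST_HEX_LEN[algorithm] or set(digest) - set("0123456789abcdef"):
        findings.append("digest is not the expected length or not hex")
    if algorithm == "sha-1":
        findings.append("SHA-1 pin: deprecated hash, prefer the sha-256 form")
    return findings

def lint(ciphers, fingerprints):
    """Map each flagged cipher or fingerprint to its list of findings."""
    report = {c: cipher_findings(c) for c in ciphers}
    report.update({f: fingerprint_findings(f) for f in fingerprints})
    return {item: found for item, found in report.items() if found}
```

Calling `lint(CIPHERS, FINGERPRINTS)` returns only the flagged entries, so an empty result means the lists contain nothing this check objects to.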

Summary and Results

This example configures a secure pipeline for ingesting syslog messages over TLS. It includes certificate-based authentication, message size limits, and a LogScale sink for storing the data.