Document toolboxDocument toolbox

Syslog

Owned by Former user (Deleted)
Nov 29, 2024
2 min read

Send events to remote syslog server.

Connect Syslog server with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Syslog.

  3. Click Details, then the + icon. Enter the required information in the following fields.

    • Label: Enter a connection name.

    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

    • Remote Agent: Run this integration using the Devo Soar Remote Agent.

    • Hostname or IP Address: Hostname or IP Address of the Syslog server.

    • Port: Port at which Syslog Server is listening.

    • Message Format: Choose message format between BSD (old style) or RFC5424.

      • BSD Format: <priority>timestamp hostname application: message

      • RFC5424 Format: <priority>VERSION ISOTIMESTAMP HOSTNAME APPLICATION PID MESSAGEID STRUCTURED-DATA MESSAGE

    • Octet Frame Syslog Message: Choose if message length should be added to syslog message. Some syslog servers require message length prefix to properly parse the message.

      • Yes: 43 <13>Sep 25 06:28:08 43027c4e559b root: test

      • No: <13>Sep 25 06:28:08 43027c4e559b root: test

    • Syslog Protocol: Choose to select between TLS, plain TCP connection or UDP protocol.

    • Syslog Server Public SSL Certificate: Public SSL Certificate of Syslog server. This is required only if a TLS connection is used and the syslog server doesn't present CA verified certificate. The supported format for the certificate is pem.

  4. After you've entered all the details, click Connect.

Creating and validating a connection will send a test message: This is a test message.

Actions for Syslog

Send Events

This will send all data of the parent table to a configured Syslog server. Each row is sent in JSON format.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • success: true

Send Events of a Column

This will send data of the selected column to a configured syslog server.

Input

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Message

Column name that contains the message to be sent.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • success: true

Release Notes

  • v3.0.0 - Updated architecture to support IO via filesystem