This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

sumologic-http() and sumologic-syslog() destination options

The sumologic-http() and sumologic-syslog() destinations have the following options.

1 - sumologic-http() destination options

The sumologic-http() destination supports all HTTP destination options.

In addition, the sumologic-http() destination also has the following options.

batch-bytes()
Accepted values: number [bytes]
Default: none

Description: Sets the maximum size of payload in a batch. If the size of the messages reaches this value, AxoSyslog sends the batch to the destination even if the number of messages is less than the value of the batch-lines() option.

Note that if the batch-timeout() option is enabled and the queue becomes empty, AxoSyslog flushes the messages only if batch-timeout() expires, or the batch reaches the limit set in batch-bytes().

Available in AxoSyslog version 3.19 and later.

batch-lines()
Type: number
Default: 1

Description: Specifies how many lines are flushed to a destination in one batch. The AxoSyslog application waits for this number of lines to accumulate and sends them off in a single batch. Increasing this number increases throughput as more messages are sent in a single batch, but also increases message latency.

For example, if you set batch-lines() to 100, AxoSyslog waits for 100 messages.

If the batch-timeout() option is disabled, the AxoSyslog application flushes the messages if it has sent batch-lines() number of messages, or the queue became empty. If you stop or reload AxoSyslog or in case of network sources, the connection with the client is closed, AxoSyslog automatically sends the unsent messages to the destination.

Note that if the batch-timeout() option is enabled and the queue becomes empty, AxoSyslog flushes the messages only if batch-timeout() expires, or the batch reaches the limit set in batch-lines().

For optimal performance, make sure that the AxoSyslog source that feeds messages to this destination is configured properly: the value of the log-iw-size() option of the source must be higher than the batch-lines()*workers() of the destination. Otherwise, the size of the batches cannot reach the batch-lines() limit.

batch-timeout()
Type: time in milliseconds
Default: -1 (disabled)

Description: Specifies the time AxoSyslog waits for lines to accumulate in the output buffer. The AxoSyslog application sends batches to the destinations evenly. The timer starts when the first message arrives to the buffer, so if only few messages arrive, AxoSyslog sends messages to the destination at most once every batch-timeout() milliseconds.

ca-dir()
Accepted values: Directory name
Default: none

Description: The name of a directory that contains a set of trusted CA certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject’s name. This naming can be created using the c_rehash utility in openssl. For an example, see Configuring TLS on the AxoSyslog clients. The AxoSyslog application uses the CA certificates in this directory to validate the certificate of the peer.

This option can be used together with the optional ca-file() option.

ca-file()
Accepted values: File name
Default: empty

Description: Optional. The name of a file that contains a set of trusted CA certificates in PEM format. The AxoSyslog application uses the CA certificates in this file to validate the certificate of the peer.

Example format in configuration:

   ca-file("/etc/pki/tls/certs/ca-bundle.crt")

collector()
Type: string
Default: empty

Description: The Cloud Syslog Cloud Token that you received from the Sumo Logic service while configuring your cloud syslog source.

For details on the option in the destination’s declaration, see Declaration for the sumologic-http() destination.

deployment()
Type: string
Default: empty string

Description: Required. This option specifies your Sumo Logic deployment.

For details on the deployment() option in the sumologic-http() destination’s declaration, see Declaration for the sumologic-http() destination.

For details on the deployment() option in the sumologic-syslog() destination’s declaration, see Declaration for the sumologic-syslog() destination.

headers()
Type: string list
Default: empty

Description: Custom HTTP headers to include in the request, for example, headers("HEADER1: header1", "HEADER2: header2"). If not set, only the default headers are included, but no custom headers.

The following headers are included by default:

  • X-Syslog-Host: <host>
  • X-Syslog-Program: <program>
  • X-Syslog-Facility: <facility>
  • X-Syslog-Level: <loglevel/priority>

time-reopen()
Accepted values: number [seconds]
Default: 60

Description: The time to wait in seconds before a dead connection is reestablished.

tls()
Type: tls options
Default: n/a

Description: This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with tcp-based transport protocols. For details, see TLS options.

In version 4.0 and newer, using the tls() option is optional, and Sumo Logic servers are verified using the system certificate store by default. In earlier versions, this was a required option.

2 - sumologic-syslog() destination options

The sumologic-syslog() destination supports all network() destination options.

In addition, the sumologic-syslog() destination also has the following options.

ca-dir()
Accepted values: Directory name
Default: none

Description: The name of a directory that contains a set of trusted CA certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject’s name. This naming can be created using the c_rehash utility in openssl. For an example, see Configuring TLS on the AxoSyslog clients. The AxoSyslog application uses the CA certificates in this directory to validate the certificate of the peer.

This option can be used together with the optional ca-file() option.

ca-file()
Accepted values: File name
Default: empty

Description: Optional. The name of a file that contains a set of trusted CA certificates in PEM format. The AxoSyslog application uses the CA certificates in this file to validate the certificate of the peer.

Example format in configuration:

   ca-file("/etc/pki/tls/certs/ca-bundle.crt")

deployment()
Type: string
Default: empty string

Description: Required. This option specifies your Sumo Logic deployment.

For details on the deployment() option in the sumologic-http() destination’s declaration, see Declaration for the sumologic-http() destination.

For details on the deployment() option in the sumologic-syslog() destination’s declaration, see Declaration for the sumologic-syslog() destination.

port()
Type: number
Default: 6514

Description: Optional. This option sets the port number of the Sumo Logic server to connect to.

tag()
Type: string list
Default: “tag”

Description: Optional. This option specifies the list of tags to add as the tags fields of Sumo Logic messages. If not specified, AxoSyslog automatically adds the tags already assigned to the message. If you set the tag() option, only the tags you specify will be added to the messages.

tls()
Type: tls options
Default: n/a

Description: This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with tcp-based transport protocols. For details, see TLS options.

In version 4.0 and newer, using the tls() option is optional, and Sumo Logic servers are verified using the system certificate store by default. In earlier versions, this was a required option.

token()
Type: string
Default:

Description: Required option. The Cloud Syslog Cloud Token that you received from the Sumo Logic service while configuring your cloud syslog source.