Syslog

• How it works
• Prerequisites
• Setup Instructions
  • Step 1: Create Syslog Source in Datable
  • Step 2: Configure Your Syslog Daemon
• Troubleshooting
  • No Logs Received
  • Messages Not Forwarding
  • TLS Connection Issues
  • Performance Issues
• Best Practices
• Support

Datable provides native syslog support, allowing you to forward logs from any syslog-compatible source including rsyslog, syslog-ng, network devices, and applications.

How it works

The Syslog integration accepts logs in RFC3164 and RFC5424 formats over UDP, TCP, or TLS protocols. Logs are parsed, enriched with metadata, and made available for real-time analysis.

Prerequisites

• Syslog daemon (rsyslog, syslog-ng, or similar)
• Network connectivity to Datable endpoints
• Administrative access to syslog configuration

Setup Instructions

Step 1: Create Syslog Source in Datable

1. Navigate to Sources in Datable
2. Select Syslog
3. Enter a source name
4. Review the generated configuration snippet with your unique YOUR_DATABLE_HOST and

Step 2: Configure Your Syslog Daemon

1. Combine the provided configuration snippet with your existing syslog configuration.
2. Restart the syslog service to apply changes.

Troubleshooting

No Logs Received

1. Check connectivity:

telnet {{host}} {{port}}
nc -vz {{host}} {{port}}

2. Verify syslog is running:

systemctl status rsyslog
journalctl -u rsyslog -f

3. Test with logger:

logger -p local0.info -t test "Test message"

Messages Not Forwarding

• Check firewall rules
• Verify SELinux/AppArmor policies
• Review syslog configuration syntax
• Check disk space for queue files

TLS Connection Issues

• Verify certificate validity
• Check certificate chain
• Ensure time synchronization
• Review TLS protocol versions

Performance Issues

• Monitor queue sizes
• Check network bandwidth
• Review rate limiting settings
• Optimize message filtering

Best Practices

1. Use TLS: Always encrypt syslog traffic in transit
2. Implement Queuing: Ensure reliable delivery with disk queues
3. Filter at Source: Reduce network traffic by filtering early
4. Use Structured Data: Prefer RFC5424 for better parsing
5. Monitor Queue Health: Set up alerts for queue buildup
6. Rotate Logs: Implement log rotation to manage disk space
7. Test Failover: Verify behavior during network interruptions

Support

For additional support with the Syslog integration, please contact the Datable support team or refer to your syslog daemon's documentation:

• Rsyslog Documentation
• Syslog-ng Documentation