Syslog

Receiver Sender

This module implements a syslog sender and server.

docker pull registry.goingrid.io/services/syslog:v0.1.0

Properties

The log service accepts the following properties:

Key       Multivalue  Required  Description
error     yes         no        Any data delivered with the key "error" is sent to the syslog server as an error
warn      yes         no        Same as error, but sent as warnings
info      yes         no        For info messages
critical  yes         no        For critical messages
*         yes         no        All other fields are logged as debug

Controls

Currently there are no Controls implemented in this worker.

API

The syslog service API lets you do the following:

Send a log message

To send a syslog message use the interface data object.

Rest Call

POST https://rest.app.goingrid.io/syslog/send HTTP/1.1
content-type: application/json
Ingrid-Procedure: Execution
Authorization: Basic admin nutz

{
    "info": ["This is an example info message"]
}

Response

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept,Accept-Language, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Date: Wed, 08 Apr 2020 12:09:30 GMT
Content-Length: 136
Content-Type: text/plain; charset=utf-8
Connection: close

{
  "Code": 200,
  "Message": "Success",
  "Data": {},
  "List": null
}

Docker Config

  contact:
    image: ${ING_REGISTRY}/worker/syslog:latest
    deploy:
      restart_policy:
        condition: on-failure
    environment:
      NAME: "syslog-send"
      SERVERHOST: "hive"
      SERVERAUTH: "file:///run/secrets/ing-hive-key"
      INPUTCHANNEL: "syslog_send"
      REMOTEIP: "yoursyslogserver"
      REMOTEPORT: "10514"
      SENDUDP: "true"
    depends_on:
      - hive
    secrets:
      - ing-hive-key
    networks:
      - ing-worker

Example Rest Call Multiple messages

POST http://localhost:8085/syslog/send HTTP/1.1
content-type: application/json
Ingrid-Procedure: Execution
Authorization: Basic admin nutz

{
    "info": ["This is an example info message"],
    "debug": ["This is an example debug message","whaterver"],
    "other": ["Other stuff is debug"]
}

Output:

[Figure: output from rsyslog]

Receive a log message

To receive syslog messages, start the worker as an entrypoint. Then send syslog messages to the defined port.

Send Message to our Syslog Entrypoint via Bash

#!/bin/bash
echo "<14>${0##*/}[$$]: info Test syslog message from bash via udp"  > /dev/udp/localhost/10514
echo "<14>${0##*/}[$$]: info Test syslog message from bash via tcp"  > /dev/tcp/localhost/10514

Docker Config used

  contact:
    image: ${ING_REGISTRY}/worker/syslog:latest
    deploy:
      restart_policy:
        condition: on-failure
    environment:
      NAME: "syslog-receive"
      SERVERHOST: "hive"
      SERVERAUTH: "file:///run/secrets/ing-hive-key"
      OUTPUTCHANNEL: "main"
      CLASS: "debug"
      OPERATION: "echo"
      UDP: "true"
      PORT: "10514"
      IP: "0.0.0.0"
    depends_on:
      - hive
    secrets:
      - ing-hive-key
    networks:
      - ing-worker

Service configuration

Like every other service, the log service includes all properties of the service configuration and, since it listens on input, those of the input configuration.

The following parameters are specific to this service. They can be either used as environment variables (all uppercase) or within the CLI (- as prefix).

Parameter   Default    Description
Class       "syslog"   Class for syslog messages
Operation   "message"  Operation for syslog messages
IP          "0.0.0.0"  IP address to use for this syslog input server
RemoteIP               IP address of the target syslog server that messages are sent to
SendTag     "ingrid"   Syslog tag used for messages sent to a remote system
Format      "RFC3164"  Syslog format expected from the other system. Valid values are RFC3164 / RFC5424 / RFC6587
Port        10514      Port to use for syslog input
RemotePort  10514      Remote port that syslog messages are sent to
TCP         false      Receive TCP syslog messages (UDP and TCP can both be enabled)
UDP         false      Receive UDP syslog messages (UDP and TCP can both be enabled)
SendTCP     false      Send TCP syslog messages (either UDP or TCP; if TCP is true, TCP is used instead of UDP)
SendUDP     false      Send UDP syslog messages (either UDP or TCP; if TCP is true, TCP is used instead of UDP)
SendJSON    false      If set to true, everything in Data is sent as JSON
DecodeCEF   false      Try to decode CEF messages

Syslog RFCs

You can switch the Syslog Server to accept different RFC Styles. Use the parameter Format. Supported are:

  • RFC3164 (default)
  • RFC5424
  • RFC6587

CEF

You can also receive and decode CEF messages. These can be used to track changes, for example, in a Micro Focus eDirectory.

Use the parameter DecodeCEF to try to decode CEF Messages as described in the following documentation:

Whitepaper
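
The sketch below is an added example, not the service's own decoder: it shows what decoding a CEF payload carried in an RFC3164-style line involves, including the `<14>` PRI value used in the bash sender above and CEF's backslash escaping. The sample line, the vendor and product names, and all function names are constructed for illustration.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
CEF_HEADER = ["version", "vendor", "product", "device_version",
              "signature_id", "name", "severity"]
# One header field: escaped characters or anything except "|" and "\", then "|"
HEADER_RE = re.compile(r"((?:\\.|[^|\\])*)\|" * len(CEF_HEADER))
# key=value, where the value runs until the next " key=" or the end of the line
EXT_RE = re.compile(r"(?<!\S)(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

# Constructed sample: RFC3164-style line carrying a CEF payload (not real output)
SAMPLE = (r"<14>Apr  8 12:09:30 host01 CEF:0|ExampleVendor|ExampleDirectory|1.0|"
          r"MODIFY|Attribute \| value changed|5|"
          r"src=10.0.0.5 suser=cn\=admin,o\=corp msg=Password changed")

def split_pri(line):
    """Split '<PRI>rest' into (facility, severity name, rest)."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:      # highest PRI: facility 23, severity 7
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7], line[m.end():]

def unescape(value):
    """Undo CEF escaping: \\n and \\r become line breaks, otherwise drop the backslash."""
    # Decoded values are sender-controlled; re-escape line breaks before
    # writing them to a line-based log.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def decode_cef(text):
    """Return (header dict, extension dict) for the CEF payload inside text."""
    start = text.find("CEF:")
    m = HEADER_RE.match(text, start + 4) if start >= 0 else None
    if not m:
        raise ValueError("no CEF payload or truncated header")
    header = {k: unescape(v) for k, v in zip(CEF_HEADER, m.groups())}
    ext = {k: unescape(v) for k, v in EXT_RE.findall(text[m.end():])}
    return header, ext

def parse_line(line):
    """Decode PRI and CEF from one received line."""
    facility, severity, rest = split_pri(line)
    header, ext = decode_cef(rest)
    return {"facility": facility, "severity": severity, "cef": header, "ext": ext}

if __name__ == "__main__":
    print(parse_line(SAMPLE))
```

PRI 14 decodes to facility 1 (user) and severity 6 (info), which is why the bash test messages above arrive as info.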