import Prerequisites from "/snippets/standard-prerequisites.mdx" import SetUpEndpoint from "/snippets/set-up-endpoint.mdx"
The Secure Syslog endpoint allows you to send syslog data to Axiom over a secure connection. With the Secure Syslog endpoint, the logs you send to Axiom are encrypted using SSL/TLS.
Syslog limitations and recommended alternatives
Syslog is an outdated protocol. Some of the limitations are the following:
- Lack of error reporting and feedback mechanisms when issues occur.
- Inability to gracefully end the connection. This can result in missing data.
Configure syslog client
- Ensure the syslog client meets the following requirements:
- Message size limit: Axiom currently enforces a 64KB per-message size limit. This is in line with RFC5425 guidelines. Any message exceeding the limit causes the connection to close because Axiom doesn’t support ingesting truncated messages.
- TLS requirement: Axiom only supports syslog over TLS, specifically following RFC5425. Ensure you have certificate authority certificates installed in your environment to validate Axiom’s SSL certificate. For example, on Ubuntu/Debian systems, install the
ca-certificatespackage. For more information, see the RFC Series documentation. - Port requirements: TCP log messages are sent on TCP port
6514.
- Configure your syslog client to connect to Axiom. Use the target URL for the endpoint you have generated in Axiom by following the procedure above. For example,
https://opbizplsf8klnw.ingress.axiom.co. Consider this URL as secret information because syslog doesn’t support additional authentication such as API tokens.
Troubleshooting
Ensure your messages conform to the size limit and TLS requirements. If the connection is frequently re-established and messages are rejected, the issue can be the size of the messages or other formatting issues.