Syslog limitations and recommended alternatives
Syslog is an outdated protocol. Some of the limitations are the following:
- Lack of error reporting and feedback mechanisms when issues occur.
- Inability to gracefully end the connection. This can result in missing data.
For a more reliable and modern logging experience, consider using tools like Vector to receive syslog messages and forward them to Axiom. This approach bypasses many of syslog’s limitations.
Prerequisites
- Create an Axiom account.
- Create a dataset in Axiom where you send your data.
- Create an API token in Axiom with permissions to update the dataset you have created.
Configure endpoint in Axiom
- Click Settings > Endpoints.
- Click New endpoint.
- Click .
- Name the endpoint.
- Select the dataset where you want to send data.
- Copy the URL displayed for the newly created endpoint. This is the target URL where you send the data.
Configure syslog client
- Ensure the syslog client meets the following requirements:
  - Message size limit: Axiom currently enforces a 64KB per-message size limit. This is in line with RFC5425 guidelines. Any message exceeding the limit causes the connection to close because Axiom doesn’t support ingesting truncated messages.
  - TLS requirement: Axiom only supports syslog over TLS, specifically following RFC5425. Ensure you have certificate authority certificates installed in your environment to validate Axiom’s SSL certificate. For example, on Ubuntu/Debian systems, install the ca-certificates package. For more information, see the RFC Series documentation.
  - Port requirements: TCP log messages are sent on TCP port 6514.
- Configure your syslog client to connect to Axiom. Use the target URL for the endpoint you have generated in Axiom by following the procedure above. For example, https://opbizplsf8klnw.ingress.axiom.co. Consider this URL as secret information because syslog doesn’t support additional authentication such as API tokens.
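A minimal client that meets the three requirements above, as an added example (not Axiom's code): it builds an RFC 5424 message, applies RFC 5425 octet-counting framing, refuses messages over the size limit before they reach the wire, and connects to port 6514 with certificate and hostname verification. The function names, the reading of 64KB as 65,536 octets of the syslog message, and the use of the endpoint URL's host as the TLS server name are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlparse

SYSLOG_TLS_PORT = 6514
MAX_MSG_BYTES = 64 * 1024  # assumption: "64KB" = 65,536 octets of SYSLOG-MSG


def rfc5424_message(app, text, host="-", facility=1, severity=6, when=None):
    """Build an RFC 5424 SYSLOG-MSG (no structured data) as UTF-8 bytes."""
    for field in (app, host):
        # Header fields are printable ASCII without spaces; reject anything
        # else so untrusted values cannot shift the header layout.
        if not field or not all(33 <= ord(c) <= 126 for c in field):
            raise ValueError(f"invalid header field: {field!r}")
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    pri = facility * 8 + severity  # 1*8+6 = 14: user-level, informational
    return f"<{pri}>1 {stamp} {host} {app} - - - {text}".encode("utf-8")


def rfc5425_frame(msg: bytes) -> bytes:
    """Octet-counting frame from RFC 5425: MSG-LEN SP SYSLOG-MSG."""
    if len(msg) > MAX_MSG_BYTES:
        # The page says an oversized message closes the connection,
        # so refuse it locally instead of sending it.
        raise ValueError(f"message is {len(msg)} bytes, limit {MAX_MSG_BYTES}")
    return str(len(msg)).encode("ascii") + b" " + msg


def send_frames(endpoint_url, frames, cafile=None):
    """Send frames over verified TLS. Keep endpoint_url out of logs."""
    host = urlparse(endpoint_url).hostname  # assumption: URL host is the TLS peer
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, SYSLOG_TLS_PORT), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            for frame in frames:
                tls.sendall(frame)
```

Because the URL is the only credential, pass it to send_frames from a secret store or environment variable rather than hard-coding it.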