Send data from syslog to Axiom over a secure connection

​

Syslog limitations and recommended alternatives

• Lack of error reporting and feedback mechanisms when issues occur.
• Inability to gracefully end the connection. This can result in missing data.

​

Prerequisites

• Create an Axiom account.
• Create a dataset in Axiom where you send your data.
• Create an API token in Axiom with permissions to update the dataset you have created.

​

Configure endpoint in Axiom

1. Click Settings > Endpoints.
2. Click New endpoint.
3. Click .
4. Name the endpoint.
5. Select the dataset where you want to send data.
6. Copy the URL displayed for the newly created endpoint. This is the target URL where you send the data.

​

Configure syslog client

1. Ensure the syslog client meets the following requirements:
   • Message size limit: Axiom currently enforces a 64KB per-message size limit. This is in line with RFC5425 guidelines. Any message exceeding the limit causes the connection to close because Axiom doesn’t support ingesting truncated messages.
   • TLS requirement: Axiom only supports syslog over TLS, specifically following RFC5425. Ensure you have certificate authority certificates installed in your environment to validate Axiom’s SSL certificate. For example, on Ubuntu/Debian systems, install the ca-certificates package. For more information, see the RFC Series documentation.
   • Port requirements: TCP log messages are sent on TCP port 6514.
2. Configure your syslog client to connect to Axiom. Use the target URL for the endpoint you have generated in Axiom by following the procedure above. For example, https://opbizplsf8klnw.ingress.axiom.co. Consider this URL as secret information because syslog doesn’t support additional authentication such as API tokens.

​

Troubleshooting