Syslog Overview

Learn how to ingest syslog data

The Augtera stack can be configured to ingest syslog data over UDP or over TLS. Use of TLS is recommended. The Augtera stack can also be configured to ingest syslog from a Kafka broker, as explained in the Kafka section.

There are two deployment models to consider.

  1. On-premise: In this mode, the Collector stack is deployed within an on-premise network reachable by the devices sending syslog. The Platform stack can be deployed at any location (private cloud, public cloud or a different on-premise location). Appropriate security policies must be in place to allow Augtera's Collector stack to connect to Augtera's Platform stack. The Collector stack uses HTTPS to connect to the Platform stack.

  2. Off-premise: In this mode, the Collector stack is deployed at an off-premise location, such as Augtera's cloud. Use of TLS is recommended when sending syslog to Augtera's Collector stack.

The following diagram shows the data flow from your devices that push Syslog data to the Augtera stack over UDP.

Syslog can be sent to the Augtera Collector stack either directly by devices or by third-party syslog forwarders such as Splunk.

Data Encoding

This section describes the encodings Augtera supports for syslog ingestion.

  1. Standard Syslog: Both RFC 3164 and RFC 5424 are supported.

  2. Proprietary Syslog: For legacy reasons, many network devices do not conform to the RFC 3164 format. The Augtera syslog parser supports many variations of the RFC 3164 format.

  3. Flat JSON: Syslog encoded in flat JSON format can be ingested by Augtera without any special parsers. Flat JSON is an encoding with only key-value pairs and no nested hierarchy.

  4. Proprietary JSON: Syslog encoded in a proprietary JSON format can be ingested by Augtera with special parsers. Special parsers are plugins developed by Augtera to decode a proprietary format. These plugins can be programmed in real time on the Platform stack without requiring Augtera to develop and deploy new code.
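
The following added example (not Augtera's parser and not part of the original page) sorts incoming lines into the encodings listed above, using the RFC 3164 and RFC 5424 header layouts and the flat-JSON definition, and rejects lines whose PRI value is out of range. The label names, function names and sample lines are assumptions constructed for illustration.

```python
import json
import re

# Header layouts follow the RFCs; the labels returned are this example's own.
RFC5424 = re.compile(r"^<(\d{1,3})>1 (?:-|\d{4}-\d{2}-\d{2}T\S+) \S+ \S+ \S+ \S+ ")
RFC3164 = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")
PRI_ONLY = re.compile(r"^<(\d{1,3})>")  # PRI present, header deviates from RFC 3164


def decode_pri(pri):
    """PRI = facility * 8 + severity; the valid range is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)


def classify(line):
    """Return (encoding, facility, severity); the last two are None for JSON."""
    line = line.strip()
    if line.startswith("{"):
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            return ("unparsed", None, None)
        # Flat JSON: key-value pairs only, no nested objects or arrays.
        nested = any(isinstance(v, (dict, list)) for v in obj.values())
        return ("nested-json" if nested else "flat-json", None, None)
    # Try the strictest header first, then fall back to looser ones.
    for name, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164),
                          ("rfc3164-variant", PRI_ONLY)):
        m = pattern.match(line)
        if m:
            try:
                return (name, *decode_pri(int(m.group(1))))
            except ValueError:
                return ("unparsed", None, None)
    return ("unparsed", None, None)


# Constructed sample lines (not taken from any real device or from the page).
SAMPLES = [
    "<165>1 2003-10-11T22:14:15.003Z sw1.example.com evntslog - ID47 - link down",
    "<34>Oct 11 22:14:15 sw1 su: 'su root' failed",
    "<189>4711: *Jan  5 10:11:12.345: %LINK-3-UPDOWN: Interface up",
    '{"host": "sw1", "severity": 5, "message": "link down"}',
    '{"host": "sw1", "event": {"type": "link", "state": "down"}}',
    "<999>Oct 11 22:14:15 sw1 su: PRI out of range",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample[:50])
```
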
