Use a Syslog source service to consume Syslog messages. To create a Syslog source service, use the Syslog source service type.
When you read from syslog sources, you can use one of the following built-in source service types:
Syslog TCP
Use a Syslog TCP source service to read from sources that use TCP protocol to send messages.
The Syslog TCP source service type expects the data source to use the
\n
delimiter. If the data source uses any of the other delimiters described in RFC 3164, "The BSD syslog Protocol" or RFC 6587, "Transmission of Syslog Messages over TCP," use the TCP source service type, instead. For more information about the delimiters described in RFC 3164 and RFC 6587, see
The BSD syslog Protocol and
Transmission of Syslog Messages over TCP.
Syslog UDP
Use a Syslog UDP source service to read from sources that use UDP protocol to send messages.
Syslog UDS
Use a Syslog UDS source service to read from sources that publish to a UNIX domain socket (UDS).