Syslog Integration
Overview
QueryPie provides a feature to send logs recorded in Syslog format to external systems.
Until version 9.19.0, log transmission was supported only in Syslog format using the UDP protocol (RFC3164).
Starting from version 9.19.0, TCP protocol support has been added. Additionally, HTTP/HTTPS protocol-based Splunk HEC (HTTP Event Collector) transmission is now supported.
Configuring Syslog Integration
Navigate to the Administrator > General > System > Integrations menu.
Click on the Syslog tile to access the detailed page.
What is Syslog (Legacy)?
If you have previously used Syslog, you will see an additional Syslog (Legacy) tile. Here, you can continue to receive Syslog data in the original format. The Legacy Format has a Timestamp field that is affected by the Time Zone, so there is a separate Time Zone setting option. The default value is UTC.
Click the Configure button on the detailed page to open a popup where you can enter Destination information.
To create Destination information, enter the following details.
Destination Name : Enter a suitable name to identify the recipient of the Syslog data.
Protocol : Choose between TCP (default) and UDP. UDP has packet length limitations and is less secure, so TCP is recommended.
Destination Address (Hostname): Enter the IP address or hostname of the Syslog server that will receive the data.
Port : Specify the port on which the Syslog server is listening. (Default: 514)
Test Connection Button : For TCP, this button checks the communication status with the Syslog server. Due to the nature of UDP, it is not possible to test the connection, so the Test Connection button will be disabled for UDP.
Select Event Items : You can choose which event items to send. Checking the “Select all event items, including those that may be added later.” box will ensure all possible events are transmitted.
Disable Syslog Header : This option excludes Syslog header information from the transmission (default is Yes). This option is provided in case the Syslog header complicates JSON parsing for some SIEM systems.
Description : Enter a brief description of up to 100 characters about the configuration.
Click the OK button to save the settings. Saving the configuration does not immediately activate Syslog transmission.
To start the transmission, toggle the switch at the top left of the page to the on position.
This transmission toggle can be used to temporarily stop sending data during maintenance or other situations.
If Syslog transmission is no longer needed, you can remove the configuration by clicking the Delete button. Please note that you cannot delete a configuration while data is being transmitted. First, toggle the switch to the off position before deleting.
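On the receiving side, the Disable Syslog Header setting decides whether each message starts with an RFC 3164 header or with the JSON body directly. The following Python parser is an added example, not QueryPie code; it accepts both forms and flags bodies that fail to parse, such as one cut off by the UDP length limit. It assumes the body is a single JSON object, and the tag and field names in the samples are constructed.

```python
import json
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME, then the message part.
RFC3164_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) "
)

def parse_message(raw: bytes) -> dict:
    """Parse one received message, with or without a syslog header."""
    text = raw.decode("utf-8", errors="replace").strip()
    result = {"facility": None, "severity": None, "host": None,
              "event": None, "error": None}
    header = RFC3164_HEADER.match(text)
    if header:
        pri = int(header.group("pri"))
        # PRI encodes facility * 8 + severity.
        result["facility"], result["severity"] = pri >> 3, pri & 7
        result["host"] = header.group("host")
        text = text[header.end():]
    # Skip any tag (e.g. "app: ") that precedes the JSON body.
    start = text.find("{")
    if start == -1:
        result["error"] = "no JSON object found"
        return result
    try:
        result["event"], _ = json.JSONDecoder().raw_decode(text, start)
    except json.JSONDecodeError as exc:
        # One possible cause: a UDP datagram cut off at the packet length limit.
        result["error"] = f"invalid or truncated JSON: {exc.msg}"
    return result

# Constructed samples; tag and field names are illustrative, not QueryPie's schema.
WITH_HEADER = b'<134>Mar  5 09:12:44 qp-host querypie: {"eventType": "LOGIN", "user": "alice"}'
WITHOUT_HEADER = b'{"eventType": "LOGIN", "user": "alice"}'
TRUNCATED = b'{"eventType": "QUERY", "sql": "SELECT * FROM t'

if __name__ == "__main__":
    for sample in (WITH_HEADER, WITHOUT_HEADER, TRUNCATED):
        print(parse_message(sample))
```

Counting messages that come back with a non-empty `error` gives an early signal that events are being truncated in transit or that the header setting does not match what the collector expects.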