Current view: XPLG V7 (Latest). Available: XPLG V6 and XPLG V5

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Go to Manager > Left Navigation Panel > Data > Collection Polices-> Edit a collection policy-> Data Forwarding.
  2. Add New Syslog Forwarder, for each forwarder the following should be configured:
    1. Name: the name of the Syslog Forwarder
    2. Description: the description of the Syslog Forwarder
    3. Enabled: the Syslog forwarder is enabled by default. Uncheck for disabling.
    4. Host: the remote host to which data should be sent.
    5. Port: the port that will be used by the Syslog Forwarder to send data.
    6. Protocol: the Syslog can forward data on either UDP or TCP
    7. Data Filter Query: Enter a data filter query
  3. Advanced Settings:
    Its possible to replace during forward specific character based on the needs - the replace is done via regular expression. 2 common examples:
    1. If you handle in your logs data multiline events and you wish to send the event in a single line format (as some receivers require) you can replace each end of line with a specific separator:

      {
      "replaceAll":"\n|\r",
      "replaceWith": " - END_OF_ORIG_LINE- "
      }

      The forwarded data will be sent in a single line format, where the value -END_OF_ORIG_LINE- value "-" will be placed in each original end of line.

    2. Another very powerful example is masking forwarded data. For example, if you have a log with sensitive data such as CC number or passwords, its possible to mask it during forwarding:
      Log event example:
      2020-10-19 11:00:00 David-Whong password=myPassw0rd standart standard user

      In XpoLog forwarder:

      {
      "replaceAll":"password=[^\s]+|\n|\r",
      "replaceWith": "-***- "

      }
      Forwarded data:
      XPLG:[1603119482000] [user] [INFO] [jet.xplg.com] []: 2020-10-19 11:00:00 David-Whong -***-  standart standard user

      The password section was replaced with -***- and won't be sent to the receiver.

  4. Save the Syslog Forwarder.
  5. Data sent from the Syslog Forwarder will be sent to the configured device.

...