This module allows crowdsec to expose a syslog server, and ingest logs directly from another syslog server (or any software that knows how to forward logs with syslog).
Only UDP is supported.
A basic configuration is as follows:
source: sysloglisten_addr: 127.0.0.1listen_port: 4242labels: type: syslog
Address on which the syslog will listen. Defaults to 127.0.0.1.
UDP port used by the syslog server. Defaults to 514.
Maximum length of a syslog message (including priority and facility). Defaults to 2048.
This module does not support command-line acquisition.
This syslog datasource is currently intended for small setups, and is at risk of losing messages over a few hundreds events/second. To process significant amounts of logs, rely on dedicated syslog server such as rsyslog, with this server writting logs to files that crowdsec will read from. This page will be updated with further improvements of this data source.