Skip to content


Is the IP behind static?

IP for is is the domain name used to send your logs to, either via Syslog or HTTP protocols. The IP address behind that service is static and stable. You can use that IP to configure your firewalls to allow connections from your forwarding systems to

Outgoing IP addresses for playbooks runs and connectors

For all the actions available in the Playbooks section of (include connectors used to retrieve logs from external sources), we use a number of outbound IP addresses. The full list is publicly accessible and can be retrieved at the following URL: This will be useful to setup filtering options if needed, and even automate any future update.

We try to make this list as stable as possible, but events out of our control may result in modifications. If any changes occur, we are committed to providing our customers with advance notice of at least two weeks, either via a dedicated communication, or via our status page.

How to debug Rsyslog’s forward configuration to

If you use Rsyslog to forward your logs to, you will probably have a section like this in your configuration files:

template(name="SEKOIAIOUnboundTemplate" type="string" string="<%pri%>1 %timestamp:::date-rfc3339% %hostname% %app-name% %procid% LOG [SEKOIA@53288 intake_key=\"jOK5bMVXz5Iz7gfogQDbCcC7l7S2IrOs5\"] %msg%\n")
if $programname startswith 'unbound' then @@(o);SEKOIAIOUnboundTemplate

If you want to retrieve the raw data that is forwarded to, you can duplicate the last line and make Rsyslog dump logs to a local file:

if $programname startswith 'unbound' then /tmp/nginx-output.log;SEKOIAIOUnboundTemplate

This way, you will be able to exactly identify what data is sent to

# tail -n 1 /tmp/nginx-output.log
<30>1 2021-01-13T14:52:06.934860+01:00 ote unbound - LOG [SEKOIA@53288 intake_key="jOK5bMVXz5Iz7gfogQDbCcC7l7S2IrOs5"]  [596451:0] info: A IN



Logs are available and displayed for 90 days in

Archive and restore data


Depending on your plan we can archive your data and restore it on demand

Option not available for all plans

Restoration process :

  • The request must be made to

  • We try to restore in less than 48 working hours

  • The data requested must be less than 12 months old (the end date of the requested period must be less than 365 days)

  • Restored data will be deleted after 30 days

Restoration flow:

Archiving diagram