Skip to content

How to forward logs to using Syslog


To push your events to, you can use also use the syslog protocol.

Before processing, you have to:

To forward events using syslog to, you need to send events using TLS to and ensure compliance with RFC 5426. Additionally, you must update the syslog header with the intake key you previously created.

To achieve this you can:

  • Use the forwarder which is the official supported way to collect data using the syslog protocol in In charge of centralizing data coming from many equipments/sources and forwarding them to with the apporpriated format, it is a prepackaged option. You only have to provide your intake key as parameter.
  • Use your own Syslog service instance. Maybe you already have an intance of one of these components on your side and want to reuse it in order to centralize data before forwarding them to When using this mode, you have to configure and maintain your component in order to respect the expected format.


Only the forwarder is officially supported. Other options are documented for reference purposes but do not have official support.