Forward Analytics Events to Syslog

How to forward Analytics Events to Syslog.

Overview

Follow the steps in this guide to set up a NGINX Controller Integration that forwards events to a syslog server.

Before You Begin

This guide assumes that you already have a working instance of any syslog server.

If you haven’t already done so, you can use an open-source version of Syslog-NG.

You will also need to Create an Integration for your Syslog forwarder.

Create a Forwarder

Take the following steps to create a Forwarder for Splunk:

1. Open the NGINX Controller user interface and log in.

2. Select the NGINX Controller menu icon, then select Platform.

3. On the Platform menu, select Data Forwarders.

4. On the Data Forwarders menu, select the Create Data Forwarder quick action.

5. Add a name.

6. (Optional) Add a display name.

7. (Optional) Add a description.

8. Select your Integration Reference from the dropdown menu or select Create New to create a new Integration.

9. In the Collector Type list, select SYSLOG.

10. In the Source list, select the type of data to forward: events. NGINX Controller can forward only EVENTS data to syslog.

11. In the Output Format list, select SYSLOG.

12. The Selector field consists of the following query parameters (optional):

    • filter: The conditions to use to refine the metrics or events data.
    • Example usage: "filter=type='security violation' AND app='my-app'"

13. (Optional) Add additional Streams as required using the Add Stream button.

What’s Next

• Refer to Troubleshooting Forwaders for tips on resolving common issues.