Forward Analytics Events to Syslog
How to forward Analytics Events to Syslog.
Overview
Follow the steps in this guide to set up a NGINX Controller Integration that forwards events to a syslog server.
Before You Begin
This guide assumes that you already have a working instance of any syslog server.
If you haven’t already done so, you can use an open-source version of Syslog-NG.
You will also need to Create an Integration for your Syslog forwarder.
Create a Forwarder
Take the following steps to create a Forwarder for Splunk:
-
Open the NGINX Controller user interface and log in.
-
Select the NGINX Controller menu icon, then select Platform.
-
On the Platform menu, select Data Forwarders.
-
On the Data Forwarders menu, select the Create Data Forwarder quick action.
-
Add a name.
-
(Optional) Add a display name.
-
(Optional) Add a description.
-
Select your Integration Reference from the dropdown menu or select Create New to create a new Integration.
-
In the Collector Type list, select
SYSLOG
. -
In the Source list, select the type of data to forward:
events
. NGINX Controller can forward onlyEVENTS
data to syslog. -
In the Output Format list, select
SYSLOG
. -
The Selector field consists of the following query parameters (optional):
filter
: The conditions to use to refine the metrics or events data.- Example usage:
"filter=type='security violation' AND app='my-app'"
-
(Optional) Add additional Streams as required using the Add Stream button.
What’s Next
- Refer to Troubleshooting Forwaders for tips on resolving common issues.