From f2b0a81465d0b7e1b77a9dbfddc8ca59c0c48c36 Mon Sep 17 00:00:00 2001 From: Maheep Kumar <26147403+technusm1@users.noreply.github.com> Date: Sat, 7 Jun 2025 16:56:03 +0530 Subject: [PATCH 1/2] docs: Updated docs for TLS options for syslog TCP server (#1) * Update syslog.md and environment-variables.md with TLS configuration options for syslog TCP server --------- Co-authored-by: technusm1 --- docs/environment-variables.md | 4 ++++ docs/ingestion/logs/syslog.md | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/docs/environment-variables.md b/docs/environment-variables.md index 1faa291..2a19dbf 100644 --- a/docs/environment-variables.md +++ b/docs/environment-variables.md @@ -121,6 +121,10 @@ OpenObserve is configured through the use of below environment variables. | ZO_ALERT_SCHEDULE_INTERVAL | | No | | | ZO_TCP_PORT | 5514 | No | TCP port for syslog | | ZO_UDP_PORT | 5514 | No | UDP port for syslog | +| ZO_TCP_TLS_ENABLED | false | No | Enable TLS for TCP syslog server. | +| ZO_TCP_TLS_CERT_PATH | | No | Path to the TLS certificate file to be used on the server. | +| ZO_TCP_TLS_KEY_PATH | | No | Path to the TLS key file to be used on the server. | +| ZO_TCP_TLS_CA_CERT_PATH | | No | Path to the TLS CA certificate file to be used on the server. | | ZO_APP_NAME | | No | | | ZO_DEFAULT_SCRAPE_INTERVAL | | No | | | ZO_CIRCUIT_BREAKER_ENABLE | | No | | diff --git a/docs/ingestion/logs/syslog.md b/docs/ingestion/logs/syslog.md index fd82933..ee2fc9d 100644 --- a/docs/ingestion/logs/syslog.md +++ b/docs/ingestion/logs/syslog.md @@ -25,6 +25,14 @@ You can change the default port number using the following environment variables * `ZO_TCP_PORT` - TCP port number to listen on. Default: `5514` * `ZO_UDP_PORT` - UDP port number to listen on. Default: `5514` +You can also configure the TLS settings for syslog TCP server using the following environment variables: +* `ZO_TCP_TLS_ENABLED` - Enable TLS for TCP syslog server. If enabled, `ZO_TCP_PORT` will be used for the TLS connection over TCP. Default: `false` + +If `ZO_TCP_TLS_ENABLED` is set to `true`, then make sure to set all the below variables in production: +* `ZO_TCP_TLS_CERT_PATH` - Path to the TLS certificate file to be used on the server. +* `ZO_TCP_TLS_KEY_PATH` - Path to the TLS key file to be used on the server. +* `ZO_TCP_TLS_CA_CERT_PATH` - Path to the TLS CA certificate file to be used on the server. It is recommended to set this variable if the above 2 variables are set, otherwise, the configured certificate will be treated as a self-signed certificate. This is useful for development and internal testing, but not recommended for production setups as it could still be vulnerable to man-in-the-middle attacks. + ## Testing From e3c533480965a9e2817c96cc6048cf5d29526d71 Mon Sep 17 00:00:00 2001 From: Maheep Kumar Kathuria Date: Tue, 10 Jun 2025 11:51:01 +0530 Subject: [PATCH 2/2] Added TLS configuration environment variables to syslog docs --- docs/ingestion/logs/syslog.md | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/docs/ingestion/logs/syslog.md b/docs/ingestion/logs/syslog.md index ee2fc9d..cf288c8 100644 --- a/docs/ingestion/logs/syslog.md +++ b/docs/ingestion/logs/syslog.md @@ -13,7 +13,7 @@ Before you can send logs to OpenObserve, you need to enable OpenObserve to act a OpenObserve will only accept syslog traffic from the subnets that you specify. You must specify a minimum of 3 things: - Organization -- Stream name +- Stream name - Subnets ## Configuration @@ -22,17 +22,18 @@ Default port: `5514` You can change the default port number using the following environment variables: -* `ZO_TCP_PORT` - TCP port number to listen on. Default: `5514` -* `ZO_UDP_PORT` - UDP port number to listen on. Default: `5514` +- `ZO_TCP_PORT` - TCP port number to listen on. Default: `5514` +- `ZO_UDP_PORT` - UDP port number to listen on. Default: `5514` You can also configure the TLS settings for syslog TCP server using the following environment variables: -* `ZO_TCP_TLS_ENABLED` - Enable TLS for TCP syslog server. If enabled, `ZO_TCP_PORT` will be used for the TLS connection over TCP. Default: `false` -If `ZO_TCP_TLS_ENABLED` is set to `true`, then make sure to set all the below variables in production: -* `ZO_TCP_TLS_CERT_PATH` - Path to the TLS certificate file to be used on the server. -* `ZO_TCP_TLS_KEY_PATH` - Path to the TLS key file to be used on the server. -* `ZO_TCP_TLS_CA_CERT_PATH` - Path to the TLS CA certificate file to be used on the server. It is recommended to set this variable if the above 2 variables are set, otherwise, the configured certificate will be treated as a self-signed certificate. This is useful for development and internal testing, but not recommended for production setups as it could still be vulnerable to man-in-the-middle attacks. +- `ZO_TCP_TLS_ENABLED` - Enable TLS for TCP syslog server. If enabled, `ZO_TCP_PORT` will be used for the TLS connection over TCP. Default: `false` +If `ZO_TCP_TLS_ENABLED` is set to `true`, then ensure all the below variables are set: + +- `ZO_TCP_TLS_CERT_PATH` - Path to the TLS certificate file to be used on the server. +- `ZO_TCP_TLS_KEY_PATH` - Path to the TLS key file to be used on the server. +- `ZO_TCP_TLS_CA_CERT_PATH` - Path to the TLS CA certificate file to be used on the server. ## Testing @@ -44,11 +45,12 @@ Steps: ### Clone the repo -``` shell +```shell git clone https://github.com/openobserve/syslog_log_generator cd syslog_log_generator ``` -### Modify the script + +### Modify the script file `generate_logs.sh` @@ -65,6 +67,6 @@ Modify the file with the appropriate IP address. ./generate_logs.sh ``` -Watch a youtube demo here: +Watch a youtube demo here: