Remote Log Receivers
Support > Technical Assistance > Remote Log Receiver
This page lists all configured remote log receivers that are managed by Orchestrator. You can register a server to be a remote log receiver for Orchestrator using either the Orchestrator UI or the Orchestrator REST API. If you register a remote log receiver, Orchestrator electronically sends a log message to that receiver when certain events take place, such as alarms. For information about the data contained in remote log messages, see Remote Log Messages.
The following table describes the information displayed on this page for each remote log receiver.
| Column | Description |
|---|---|
| ID | A unique ID for the receiver that is generated by Orchestrator. |
| Log Type | Indicates the type of log messages the receiver is configured to receive (Audit Log or Alarm). |
| Name | The name of the receiver entered by the user during configuration. |
| Receiver Type | The type of server that is being used as a receiver (HTTP, HTTPS, KAFKA, SYSLOG, or WEBSOCKET). |
| Hostname/URL | The hostname or URL of the server that is being used as a receiver. |
| Enabled | Indicates if Orchestrator is enabled to send logs to the receiver. Yes – Orchestrator is sending logs to the receiver. No – Orchestrator is not sending logs to the receiver. |
| Delay | The average amount of time it took Orchestrator to send log messages to the receiver over the last minute. If transmission is normal, this value is green. If transmission is slow, this value is red. |
| Last Minute Queued | The total number of log messages queued for transmission to the receiver over the last minute. Alarm log messages include both raised and cleared events. |
| Last Minute Dropped | If the transmission queue is full, this is the total number of log messages dropped over the last minute. |
| Detail | Details about the receiver entered by the user during configuration. |
Add a Remote Log Receiver
You can use the following types of servers as receivers: HTTP, HTTPS, KAFKA, SYSLOG, and WEBSOCKET. Each server employs a mechanism for supporting asynchronous notifications. For HTTP, HTTPS, KAFKA, and WEBSOCKET servers, event messages are sent using HTTP POST requests. For SYSLOG servers, event messages are sent using TCP/UDP. For information about the data contained in remote log messages, see Remote Log Messages.
After you determine which remote receiver you want to use to receive your data, you can configure specific settings for that receiver.
Complete the following instructions to add a receiver.
-
Click Add Receiver.
-
Select the type of receiver you want to use from the list.
-
Depending on which receiver you choose, a settings pop-up will appear. Enter the appropriate information for each receiver. See the following tables below for each receiver’s settings.
-
Click Save.
HTTP Receiver Settings
| Field | Description |
|---|---|
| Enable Receiver | Click this slider to toggle between enabled and disabled state. |
| Name | Name of the receiver the logs are going to. |
| Log Type | Select the type of log from the list you want to apply. |
| URL | URL served by HTTP/HTTPS log server that Orchestrator will send log data with POST REST calls. |
| User Name | User name used in Basic Authentication when making REST calls (Optional). |
| Password | Password used in Basic Authentication when making REST calls. (Optional). |
| Repeat Password | Your password repeated. |
HTTPS Receiver Settings
| Field | Description |
|---|---|
| Enable Receiver | Click this slider to toggle between enabled and disabled state. |
| Name | Name of the receiver the logs are going to. |
| Log Type | Select the type of log from the list you want to apply. |
| URL | URL of the HTTPS Receiver. |
| User Name | User name used in Basic Authentication when making REST calls (Optional). |
| Password | Password used in Basic Authentication when making REST calls (Optional). |
| Repeat Password | Your password repeated. |
KAFKA Receiver Settings
| Field | Description |
|---|---|
| Enable Receiver | Click this slider to toggle between enabled and disabled state. |
| Name | Name of the receiver the logs are going to. |
| Log Type | Select the type of log from the list you want to apply. |
| Topic | Topic name on KAFKA Receiver. |
| Bootstrap Servers | Domain name served by KAFKA Receiver. For example, “xxx.com:9092”, “1.1.1.1:9092”. |
| Acks | Defines the amount of KAFKA servers that acknowledge a message before considering the message delivered. acks=0: Expect no acknowledge. acks=1: Only leader server must acknowledge. ack=all: All servers must acknowledge. |
| Retries | Amount of times KAFKA will try before returning an error. |
| Batch Size | Multiple messages KAFKA will produce until the batch size is exceeded. |
| Buffer Size | Maximum memory size that can be used for buffering messages. When buffer size is exceeded, a message will be blocked. |
| Linger Time | Amount of time that KAFKA will wait before sending next message batch. |
SYSLOG Receiver Settings
| Field | Description |
|---|---|
| Enable Receiver | Click this slider to toggle between enabled and disabled state. |
General Settings
| Field | Description |
|---|---|
| Log Type | Type of log being sent to the SYSLOG receiver. |
| Protocol | Protocol being used between devices. |
| Hostname | Hostname of the SYSLOG receiver to identity the device. |
| Port | Port number of the SYSLOG receiver that accepts incoming events. |
| Custom Data | Custom data embedded inside the SYSLOG message. |
Facility Settings
| Field | Description |
|---|---|
| Audit Log | Type of audit log. |
Audit Log Severity Settings
| Field | Description |
|---|---|
| Error | Severity level of the error; select from the drop-down menu. |
| Info | Severity level of the information; select from the drop-down menu. |
| Debug | Severity level of the debug; select from the drop-down menu. |
WEBSOCKET Receiver Settings
Provides a reliable streaming mechanism for alarms and Orchestrator audit logs across all appliances. It is initiated from the client side and sent to Orchestrator for authentication. When authenticated by Orchestrator, asynchronous notifications are sent in JSON objects.
| Field | Description |
|---|---|
| Enable | Click this slider to toggle between enabled and disabled state. |
| Name | Name of the WebSocket receiver. |
| Log Type | Type of log being sent to the WebSocket receiver. |
| IP Allow List | List of source IP addresses that are allowed WebSocket access to Orchestrator. |
WebSocket Receiver Configuration
You need the following items to establish connectivity from Orchestrator to the WebSocket receiver:
-
Key generated by Orchestrator after the above configuration is completed
-
ID created by Orchestrator when it is configuring the WebSocket server