We have updated our Terms of Service, Code of Conduct, and Addendum.

Does Stream support receiving Syslog that uses Octet-Counting Framing?

Options
Jordan Perks
Jordan Perks Posts: 11
edited September 2023 in Stream

Does Stream support receiving Syslog that uses Octet-Counting Framing? For example, from the default configuration in Corelight?

Tagged:

Best Answer

  • Michael Donnelly
    Michael Donnelly Posts: 6 mod
    Answer ✓
    Options

    Yes! Cribl Stream now supports Octet Count Framing on Syslog sources. Please be aware that it's off by default, and must be enabled in the Advanced Settings for the syslog source.

    image.png

Answers

  • Harry Gardner
    Harry Gardner Posts: 59 mod
    edited July 2023
    Options

    crogers:

    Stream does not support Syslog events sent using Octet-Counting Framing. Stream supports Non-Transparent Framing, specifically the \n trailer character, defined in RFC 6587, section 3.4.2.

    Although not supported as of version 3.4.1 this feature is on the roadmap. Ticket number: CRIBL-8628 for future reference.

  • Michael Donnelly
    Michael Donnelly Posts: 6 mod
    Answer ✓
    Options

    Yes! Cribl Stream now supports Octet Count Framing on Syslog sources. Please be aware that it's off by default, and must be enabled in the Advanced Settings for the syslog source.

    image.png

Categories