Does Stream support receiving Syslog that uses Octet-Counting Framing? For example, from the default configuration in Corelight?
Question
Does Stream support receiving Syslog that uses Octet-Counting Framing?
crogers:
Stream does not support Syslog events sent using Octet-Counting Framing. Stream supports Non-Transparent Framing, specifically the
\ntrailer character, defined in RFC 6587, section 3.4.2.
Although not supported as of version 3.4.1 this feature is on the roadmap. Ticket number: CRIBL-8628 for future reference.
Yes! Cribl Stream now supports Octet Count Framing on Syslog sources. Please be aware that it's off by default, and must be enabled in the Advanced Settings for the syslog source.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.