This module allows crowdsec to expose a syslog server, and ingest logs directly from another syslog server (or any software that knows how to forward logs with syslog).
Only UDP is supported.
listen_addr: Address on which the syslog will listen. Defaults to 127.0.0.1.
listen_port: UDP port used by the syslog server. Defaults to 514.
max_message_len: Maximum length of a syslog message (including priority and facility). Defaults to 2048.
source: Must be
A basic configuration is as follows:
source: syslog listen_addr: 127.0.0.1 listen_port: 4242 labels: type: syslog
DSN and command-line¶
This module does not support command-line acquisition.