Plain TCP/UDP

TCP and UDP input types are suitable for simple input implementations which use TCP connections, as well as for standard Syslog daemons.

Using this approach, a client opens a TCP connection to our API server on an assigned port number. We assign the port number when you create an input (i.e. a log file) of this input type in the InsightOps UI. The client can then send log lines one by one. For UDP inputs, each packet is treated as a separate line.

When a new TCP/UDP input is created, InsightOps assigns a new port number for that input type. The input starts in discovery mode. In discovery mode, InsightOps awaits the first connection attempt (TCP) or the first packet received (UDP). The sender's IP address is identified and registered so that all future communications can be identified as coming from that particular IP address. Discovery mode is limited to 15 minutes.

The pair of IP address and port number is unique for the client and the client is identified by this pair.


Testing

You can use the telnet program to easily test the input:

~$ telnet REGION.data.logs.insight.rapid7.com PORT
My Log message

REGION is the data centre that your account is in (e.g. "eu", "us").

Note: if you are testing via telnet, you must connect from the same IP address as the server or router that you intend to send logs from, since InsightOps will register this IP with the PORT number provided.
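
A minimal sender for the input described above, written as an added example (not Rapid7's own code). It sends one line per message over TCP and one datagram per message over UDP, escaping embedded line breaks so a single message cannot split into several log lines. The function names, UTF-8 encoding and newline termination on TCP are assumptions; the host and PORT are the ones shown for your input in the InsightOps UI.

```python
import socket

# Assumptions (not from the page): lines are UTF-8 and newline-terminated on TCP,
# and the helper names below are hypothetical. Host and port come from the
# InsightOps UI, e.g. "REGION.data.logs.insight.rapid7.com" and your PORT.

def frame(message: str) -> bytes:
    """Escape backslashes and CR/LF so one message can never become two log lines."""
    safe = message.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")
    return safe.encode("utf-8")

def send_tcp(host: str, port: int, messages, timeout: float = 5.0) -> int:
    """Send every message over one TCP connection, one line each; return bytes sent."""
    sent = 0
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for message in messages:
            line = frame(message) + b"\n"
            sock.sendall(line)
            sent += len(line)
    return sent

def send_udp(host: str, port: int, messages) -> int:
    """Send every message as its own datagram (one packet = one line); return count."""
    count = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for message in messages:
            sock.sendto(frame(message), (host, port))
            count += 1
    return count

if __name__ == "__main__":
    # Constructed sample: the second message carries an embedded line break.
    for sample in ["service started", "login failed user=bob\nFAKE entry"]:
        print(frame(sample))
```

Run it from the machine whose address the input registered during discovery, since the client is identified by the pair of IP address and port number.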