Token TCP
Token-based input is a single TCP connection where each log line contains a token which uniquely identifies the destination log. The token must appear at the start of the log event.
The token will not appear in any of your log entries as it is removed by the InsightOps server upon processing.
This is suitable for platform providers with centralized logging, since it allows multiple log sources to be associated with a centralized destination log in InsightOps when you have multiple users per server instance.
It is also suitable for logging sources which change public IP address (and thus Plain TCP/UDP cannot be used) or you have to log from multiple sources with the same public IP address.
Token-based logging is also ideal if you want to log from a programmable application in a language like Ruby, Java, Python, .Net etc to your InsightOps account.
You can (and are encouraged to) use multiple tokens in one TCP stream.
A token has the form of a randomly generated UUID, for example 2bfbea1e-10c3-4419-bdad-7e6435882e1f.
It is generated using a cryptographically strong pseudo random number generator.
Endpoints
Open a TCP connection to eu.data.logs.insight.rapid7.com or us.data.logs.insight.rapid7.com, depending on the region your InsightOps account is hosted in, and specify one of the following ports: 80, 514, or 10000.
Token based inputs are enabled for UDP as well.
For untrusted networks you can open an TLS/SSL encrypted connection to the same endpoint specifying port number 443.
Examples
Telnet
You can use telnet to easily test this input method. The following example will log two messages:
InsightOps will automatically remove the Token from your messages.
Telnet SSL