Token-based input is a single TCP connection where each log line contains a token which uniquely identifies the destination log. The token can appear anywhere in the event, separated by whitespace from the entry content.
The token will not appear in any of your log entries as it is removed by the InsightOps server upon processing.
This is suitable for platform providers with centralized logging, since it allows multiple log sources to be associated with a centralized destination log in InsightOps when you have multiple users per server instance.
It is also suitable for logging sources whose public IP address changes (so Plain TCP/UDP cannot be used), or when you have to log from multiple sources with the same public IP address.
Token-based logging is also ideal if you want to log from a programmable application in a language like Ruby, Java, Python, .NET, etc. to your InsightOps account.
You can (and are encouraged to) use multiple tokens in one TCP stream.
A token has the form of a randomly generated UUID, for example
It is generated using a cryptographically strong pseudo random number generator.
Open a TCP connection to us.data.logs.insight.rapid7.com, depending on the region your InsightOps account is hosted in, and specify one of the following ports: 80, 514, or 10000.
Token-based inputs are enabled for UDP as well.
For untrusted networks you can open a TLS/SSL encrypted connection to the same endpoint specifying port number
You can use telnet to easily test this input method. The following example will log two messages:

```
telnet us.data.logs.insight.rapid7.com 80
Trying 22.214.171.124...
Connected to us.data.logs.insight.rapid7.com.
Escape character is '^]'.
2bfbea1e-10c3-4419-bdad-7e6435882e1f My first log entry
My second 2bfbea1e-10c3-4419-bdad-7e6435882e1f log entry with token inside
```

InsightOps will automatically remove the token from your messages.

The same test over an SSL-secured connection:

```
telnet-ssl -z ssl us.data.logs.insight.rapid7.com 443
2bfbea1e-10c3-4419-bdad-7e6435882e1f My SSL secured log message
```
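The following Python sender is an added example, not code from the original page or from Rapid7's libraries. It puts entries for two destination logs on one certificate-verified TLS connection, validates each token as a UUID, and folds newlines in untrusted message text so it cannot start a separate line. The function names, the second token and the escaping scheme are assumptions; the host and port 443 come from the telnet-ssl example above.

```python
import socket
import ssl
import uuid

HOST = "us.data.logs.insight.rapid7.com"  # endpoint shown on the page
TLS_PORT = 443  # port used by the page's telnet-ssl example


def frame(token: str, message: str) -> bytes:
    """Build one newline-terminated entry: '<token> <message>\\n'."""
    # Reject anything that is not a UUID so a typo never ships as log text.
    token = str(uuid.UUID(token))
    # One entry per line: fold CR/LF in untrusted text so it cannot begin a
    # second line (which would carry no token, or one chosen by the input).
    safe = message.replace("\r", "\\r").replace("\n", "\\n")
    return f"{token} {safe}\n".encode("utf-8")


def frame_stream(entries) -> bytes:
    """Concatenate entries for several destination logs into one stream."""
    return b"".join(frame(tok, msg) for tok, msg in entries)


def send(entries, host=HOST, port=TLS_PORT, timeout=10.0) -> int:
    """Send all entries over one certificate-verified TLS connection."""
    payload = frame_stream(entries)
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
    return len(payload)


# Constructed sample tokens: the first is the page's example token,
# the second is made up for illustration (assumption).
APP_LOG = "2bfbea1e-10c3-4419-bdad-7e6435882e1f"
AUDIT_LOG = "00000000-0000-4000-8000-000000000001"

if __name__ == "__main__":
    # Prints the framed stream only; call send() to transmit it.
    print(frame_stream([(APP_LOG, "user login ok"),
                        (AUDIT_LOG, "bad input\nforged line")]).decode())
```

Because the token selects the destination log, load real tokens from configuration or a secret store rather than hard-coding them as this sample does.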