Token TCP

Token-based input uses a single TCP connection in which each log line contains a token that uniquely identifies the destination log. The token can appear anywhere in the event, separated from the entry content by white space.

The token will not appear in any of your log entries as it is removed by the InsightOps server upon processing.

This is suitable for platform providers with centralized logging, since it allows multiple log sources to be associated with a centralized destination log in InsightOps when you have multiple users per server instance.

It is also suitable for logging sources whose public IP address changes (so Plain TCP/UDP cannot be used), or when you have to log from multiple sources that share the same public IP address.

Token-based logging is also ideal if you want to log to your InsightOps account from an application written in a language such as Ruby, Java, Python, or .NET.

You can (and are encouraged to) use multiple tokens in one TCP stream.

A token has the form of a randomly generated UUID, for example 2bfbea1e-10c3-4419-bdad-7e6435882e1f.

It is generated using a cryptographically strong pseudo random number generator.

Endpoints

Open a TCP connection to eu.data.logs.insight.rapid7.com or us.data.logs.insight.rapid7.com, depending on the region your InsightOps account is hosted in, and specify one of the following ports: 80, 514, or 10000.

Token-based inputs are enabled for UDP as well.

For untrusted networks, you can open a TLS/SSL encrypted connection to the same endpoint by specifying port number 443.

Examples

Telnet

You can use telnet to easily test this input method. The following example logs two messages; InsightOps automatically removes the token from your messages.

telnet us.data.logs.insight.rapid7.com 80
Trying 34.198.185.156...
Connected to us.data.logs.insight.rapid7.com.
Escape character is '^]'.
2bfbea1e-10c3-4419-bdad-7e6435882e1f My first log entry
My second 2bfbea1e-10c3-4419-bdad-7e6435882e1f log entry with token inside

Telnet SSL

telnet-ssl -z ssl us.data.logs.insight.rapid7.com 443
2bfbea1e-10c3-4419-bdad-7e6435882e1f My SSL secured log message
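
The same exchange from a program, over the TLS port with certificate and hostname verification. This is an added example, not code from the original page or from a Rapid7 library. The function names `frame` and `send`, the `\n` line terminator, and the escaping of embedded line breaks are assumptions made for the example; the host and port are the ones listed under Endpoints.

```python
import socket
import ssl
import uuid

# Endpoint and TLS port as listed on this page.
HOST = "us.data.logs.insight.rapid7.com"
TLS_PORT = 443


def frame(token: str, message: str) -> bytes:
    """Return one token-prefixed log line (hypothetical helper)."""
    # uuid.UUID raises ValueError on malformed input; the comparison also
    # rejects non-canonical spellings (braces, urn: prefix, missing hyphens).
    if str(uuid.UUID(token)) != token.lower():
        raise ValueError("token is not a canonical UUID")
    # Each log line has to carry the token, so an embedded line break would
    # split one event into lines without it. Escape breaks instead
    # (assumption: "\n" terminates a line on this input).
    safe = (
        message.replace("\\", "\\\\")
        .replace("\r", "\\r")
        .replace("\n", "\\n")
    )
    return f"{token} {safe}\n".encode("utf-8")


def send(token: str, messages, host: str = HOST, port: int = TLS_PORT) -> int:
    """Send messages over verified TLS; return the number of bytes written."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    sent = 0
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            for msg in messages:
                line = frame(token, msg)
                tls.sendall(line)
                sent += len(line)
    return sent
```

Call `send()` with your own log token and a list of messages; `frame()` can be used on its own to check what will go on the wire.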