Merged
37 changes: 24 additions & 13 deletions modules/syslog-configuring-acs.adoc
Expand Up @@ -8,17 +8,28 @@
Create a new syslog integration in {rh-rhacs-first}.

.Procedure
. In the {product-title-short} portal, go to *Platform Configuration* -> *Integrations*.
. Scroll down to the *Notifier Integrations* section and select *Syslog*.
. Click *New Integration* (add icon).
. Enter a name for *Integration Name*.
. Select the *Logging Facility* value from `local0` through `local7`.
. Enter your *Receiver Host* address and *Receiver Port* number.
. If you are using TLS, turn on the *Use TLS* toggle.
. If your syslog receiver uses a certificate that is not trusted, turn on the *Disable TLS Certificate Validation (Insecure)* toggle.
Otherwise, leave this toggle off.
. Click *Add new extra field* to add extra fields. For example, if your syslog receiver accepts objects from multiple sources, type `source` and `rhacs` in the *Key* and *Value* fields.
. In the {product-title-short} portal, click the *Platform Configuration* -> *Integrations* -> *Notifier* tab.
. Select *Syslog*.
. Click *New integration*.
. In the *Create integration* page, provide the following information:
.. Enter a name for your integration.
.. Select the *Logging facility* value from `local0` through `local7`.
.. Enter your *Receiver host* address and *Receiver port* number.
.. Enter a value for the *Maximum message size*.
+
You can filter using the custom values in your syslog receiver to identify all alerts from {product-title-short}.
. Select *Test* (`checkmark` icon) to send a test message to verify that the integration with your generic webhook is working.
. Select *Create* (`save` icon) to create the configuration.
Enter a value between `0` and `1048576`, which corresponds to the number of bytes used to chunk messages. You can adjust the value by using the up and down arrows in the spin button.
+
If you do not want to chunk messages, enter `0`.
.. Select the appropriate *Message format*:
** If you are creating a new integration, select *CEF*.
** If you have an existing integration that relies on the old behavior, select *CEF (legacy field order)*.
.. Select the appropriate checkboxes:
** If you are using TLS, select the *Use TLS* checkbox.
** If your syslog receiver uses a certificate that is not trusted, select the *Disable TLS Certificate Validation (insecure)* checkbox.
.. To add extra fields, click *Add new extra field*.
+
For example, if your syslog receiver accepts objects from multiple sources, type `source` and `rhacs` in the *Key* and *Value* fields.
+
You can filter by using the custom values in your syslog receiver to identify all alerts from {product-title-short}.
. To send a test message to verify that the integration with your generic webhook is working, click *Test*.
. To create the configuration, click *Save*.
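Review bot: The reworded sub-step for *Disable TLS Certificate Validation (insecure)* drops the earlier "Otherwise, leave this toggle off." sentence, so the procedure no longer tells readers to keep certificate validation enabled when the receiver's certificate is trusted. Suggest restoring that guidance in checkbox terms, for example "Otherwise, leave this checkbox cleared.", because with validation disabled the syslog receiver is not authenticated. Separately, the reworded *Test* step still says "the integration with your generic webhook is working"; in this syslog module that should probably read "your syslog receiver". It would also help to say in one sentence what "the old behavior" means for *CEF (legacy field order)*, since the hunk does not define it.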