Receive over TCP/UDP

You can create a data collector to configure a TCP/UDP socket. 

Note

The HOST field is not displayed on the Search tab for data collected over a TCP/UDP connection (by default).

However, if the data pattern used for collecting data includes the HOST field, then it is displayed and available for search.

Related topics

Where to find more information

Managing-data-collectors

Creating-data-collectors

Known-and-corrected-issues

To receive data over a TCP or UDP connection

  1. Navigate to Administration > Data Collectors > Add Data Collector Plus icon.jpg.
  2. In the Name box, provide a unique name to identify this data collector.
  3. From the Type list, select Receive over TCP/UDP (Syslog etc).

  4. Provide the following information, as appropriate:

     

    Field

    Description

    Target/Collection Host

    Collection Host (Agent)

    Failed to execute the [excerpt-include] macro.

    Note: For this type of data collector, the target host and collection host are expected to have different values.

    Collector Inputs

    Protocol

    Select UDP or TCP as appropriate.

    By default, UDP is selected.

    Bind address

    Provide the IP address to which you want to bind for creating a connection.

    Port

    Provide the port to connect to the UDP/TCP protocol.

    By default, this value is set to 514.

     

    Note: This data collector does not work with the default port on a Linux computer. This is because only admin users can access ports with values less than 1024. Users other than admin must ensure that the port value is greater than 1024.

    Data Pattern

    Pattern

    Select the appropriate data pattern to use for indexing the selected data file.

    By default, the Syslog data pattern is selected.

    For this type of data collector, the product does not support filtering of relevant data patterns. Also, because this data collector receives events asynchronously, you cannot select a data pattern and then preview the way it will appear on the Search page. Therefore, BMC recommends that you select the Free Text without Timestamp option in this field and save the data collector. 

    After the data is indexed and starts showing on the Search page, copy a few lines of the data entries and use them to customize an existing data pattern (by cloning it), or add a new data pattern.

    Note: All the records processed using the Free Text without Timestamp option are assumed to be a single line of data with a line terminator at the end of the event. Records are distinguished on the basis of the new line separator. If you want to distinguish records in a custom way, then you can specify a custom string or regular expression in the Event Delimiter box that decides where the new line starts in the data. This string or regular expression must correspond to some text in your data which appears at the beginning of a line.

    See examples

    The following regular expression distinguishes records when the line starts with "INFO" or "ERROR" or "WARN".

    ^(INFO|WARN|ERROR)

    The following regular expression distinguishes records when the line starts with “com.bmc.ola”.

    ^(com\.bmc\.ola)

    Date Format

    Manually scan through the list available and select a date format.

    If you do not find a relevant date format, you can also create a new date format by selecting the Create new Date Format option.

    Notes:

    • If you select both – a pattern and a date format, then the date format specified takes precedence over the date format from the pattern that you selected. So the timestamp is indexed as per the specified date format, and the rest of the data is indexed as per the pattern.
    • If you select only a date format, then the date format is used for indexing the timestamp, while the rest of the data is displayed in a raw format in your search results.

    Start/Stop Collection

    (Optional) Select this check box if you want to start the data collection immediately.

    The [expand] macro is a standalone macro and it cannot be used inline.

    Tags
    Inherit Host Level Tags From Target Host
    (Optional) Select this check box to inherit your tag selections associated with the target host that you selected earlier. This option is not applicable if you did not select a target host. Note that after selecting this check box, you can further manually select additional user groups. When you manually select additional user groups, both the inherited permissions as well as the manually assigned permissions are applied. To remove the inherited permissions, clear this check box.
    Select Tag name and corresponding value
    (Optional) Select a tag name and specify the corresponding value by which you want to categorize the data collected. Later while searching data, you can use these tags to narrow down your search results.Example: If your are collecting data from hosts located at Houston, you can select a tag name for "Location" and in the value specify "Houston". While searching the data, you can use the tag, Location="Houston" to filter data and see results associated with the Houston location.To be able to see tag names, you need to first add them by navigating to Administration > System Settings.To specify tag names and corresponding values, in the left box select a tag name and then type the corresponding tag value in the right box. While you type the value, you might see type-ahead suggestions based on values specified in the past. If you want to use one of the suggestions, click the suggestion. Click Add Plus icon.jpgto add the tag name and corresponding value to the list of added tags that follow. Click Remove Tag Delete icon.jpgto remove a tag.The tags saved while creating the data collector are displayed on the Search tab, under the Filters panel, and in the Tags section.Note: At a time, you can specify only one value for a tag name. To specify multiple values for the same tag name, each time you need to select the tag name, specify the corresponding value, and click Add.For more information about tags, see Understanding-fields-and-tags.

    Group Access

    Inherit Host Level Access Groups From Target Host

    (Optional) Select this check box to inherit your group access configurations associated with the target host that you selected earlier. This option is not applicable if you did not select a target host.

    Note:     After selecting this check box, you can further manually select additional user groups. When you manually select additional user groups, both the inherited permissions as well as the manually assigned permissions are applied. To remove the inherited permissions, clear this check box.

    Select All Groups

    (Optional) Select this option if you want to select all user groups. You can also manually select multiple user groups.

    Notes:

    • If you do not select any user groups and data access control is not enabled, then all users can access data retrieved by this data collector. You can restrict access permissions by selecting the relevant user groups that must be given access permissions. To enable data access control, navigate to Administration > System Settings.
    • If you do not select any user group and data access control is enabled, then only the creator of the data collector has access to data retrieved by this data collector.

    For more information, see Managing-user-groups.

  5. Click Create to save your changes.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*