SyslogSender configuration file


The SyslogSender configuration file is named sender.cnf and is located in the same Windows folder as the SyslogSender executable. You can specify most options in the configuration file or on the command line. Options specified on the command line override options specified in the configuration file. The configuration file has the same format and constraints as the SyslogDefender configuration file described in Customizing-after-installation, except that the SyslogSender configuration file does not use stanzas.

The following example displays a valid SyslogSender configuration file:

# Configuration file for SyslogSender


# basic Syslog fields

severity  = info
facility  = mail
header    = no
framing   = crlf


# address and transport
address   = localhost
transport = tcp
port      = 1468            # for TCP/IP

The following table provides a detailed description of the various options:

| Configuration File Option | Command Line Switch | Default | Description |
|---|---|---|---|
| help | ? | false | Produces the help display |
| number | # | false | Appends a repetition number, #nnnnn, to each message |
| allow_self | a | false | Specifies whether self-signed server certificates should be accepted from the session partner. Self-signed certificates provide encryption, but not authentication. If you specify (or allow to default) allow_self=false, then you must specify a ca_file value. |
| address | A | localhost | Specifies the IP address of the message destination. Specify a host name or an address in standard IPv4 dotted format (such as 262.35.1.80) or in IPv6 colon format (such as fe80::d932:83b4:a032:eea3). You can also add a port number preceded by a colon, with no embedded spaces. If you specify a port number with an IPv6 colon-format address, then you must enclose the address in square brackets (such as [fe80::d932:83b4:a032:eea3]:1514). The port number must be an integer from 1 through 65535. If you specify a port on both the address option and the port option, then the address port value is used. |
| buffersize | b | 1024 | Buffer size (length) for infile and stdin (maximum record length) |
| certificate | c | | Specifies the name of any client certificate file (in PEM format) |
| ca_file | C | | Specifies the name of the CA certificate file (in PEM format). This value is required for non-self-signed server certificates. |
| debug | d | false | Issues debugging messages |
| ciphers | e | ALL:!LOW:!MD5:@STRENGTH | Specifies the acceptable ciphers. The default specifies all ciphers, but not the low cipher suites (56 or 64 bits) and not MD5 (that has a well-known flaw). List ciphers in order of strength. For more information, see https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER_LIST_FORMAT. |
| infile | f | | Specifies the input file of messages to send |
| facility | F | user | Specifies the syslog facility by facility code (from 0 to 23) or by keyword (such as kern, user, mail) |
| go | g | false | Sends a message despite no (other) command-line arguments |
| header | h | 3164 | RFC header type if any: none, 3164 or 5424 (can be abbreviated to one character) |
| IP | i | | Protocol: 4 (IPv4) or 6 (IPv6) |
| keyfile | k | | Specifies the name of the Private Key file (in PEM format) corresponding to the client certificate file |
| framing | l | O | Specifies how to frame or separate syslog messages within a single TCP/IP session. If SyslogSender sends messages to SyslogDefender, specify octet (or another framing method that you have to test). Otherwise, specify the framing convention required by the destination syslog collector. For more information, see Framing-characters. |
| delay | m | 0.0 | Specifies the delay between messages in decimal seconds: 0.0 to 9999 |
| message | M | This is a test message from SyslogSender | Specifies the message to send |
| repeat | n | 1 | Specifies the number of times to repeat the message or messages |
| pace | P | 0 0 | Specifies the maximum number of messages to send as m messages every n seconds. For example, specifying pace = 100 2 tells SyslogDefender not to transmit more than 100 messages every 2 seconds. |
| port | p | 514 (UDP), 1468 (TCP) or 6514 (TLS) | Specifies the port to which SyslogSender has to send. If you specify a port on both the address option and the port option, then the address port value is used. |
| quiet | q | false | Quiet operation, no routine messages. This option is overridden by the debug option. |
| reconnect | r | 0 | Disconnect and reconnect TCP session after every n messages |
| crl | R | NA | Specifies the name of any certificate revocation list file (in PEM format) |
| stdin | s | NA | Gets messages from stdin (overridden by infile) |
| severity | S | debug | Severity: NO, 0 EMERGENCY, 1 ALERT, 2 CRITical, 3 ERROR, 4 WARNing, 5 NOTICE, 6 INFOrmational, 7 DEBUG. The severity is not case sensitive and you can abbreviate values with the capitalized portion. NO means no priority at all, and you can use this to code your own valid or invalid priority as part of the message text. |
| transport | t | UDP | Transport: TCP or UDP (can be abbreviated to one letter) |
| verify_cert | v | true | Specifies whether SyslogSender is to verify the server certificate. If you specify (or allow to default) verify_cert=true, then expired certificates and self-signed certificates (regardless of the setting of allow_self) are rejected. Certificates listed in any CRL are always rejected, whether verify_cert is true or false. |
| verify_name | V | true | Specifies whether SyslogSender is to validate the host name or IP address against the common name (CN) or X.509v3 Subject Alternative Names (including any wildcard) specified in the server-presented certificate. Specify (or allow to default) verify_name=true for server authentication, and to protect against rogue session routing and man-in-the-middle attacks. For more information, see Certificate-name-wildcards. |
| wait | w | 5 | Seconds to wait between TCP/IP retries |
| password | W | | BMC recommends against using private key passwords because for unattended programs (such as SyslogDefender) the password must be stored in a file. The password option is provided as an accommodation if your private key is password-protected. |
| security | y | SSLv3 TLSv1 | Specifies the SSL, TLS, or both protocol versions to be supported. BMC recommends against using SSLv2 because SSLv2 has significant security weaknesses. |
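
The certificate and protocol options in the table interact (allow_self with ca_file and verify_cert, verify_name, security, password), so a sender.cnf can be checked for weak combinations before it is deployed. The following Python script is an added example, not BMC code. It assumes that `#` starts a comment anywhere on a line, that booleans are spelled true/yes/1, and that a file is a TLS configuration when it sets any certificate or protocol option (the page does not say how TLS is switched on).

```python
DEFAULTS = {"allow_self": "false", "verify_cert": "true",
            "verify_name": "true", "security": "SSLv3 TLSv1"}  # from the table
TLS_KEYS = {"allow_self", "verify_cert", "verify_name", "security", "ciphers",
            "ca_file", "certificate", "keyfile", "crl", "password"}

def parse_cnf(text):
    """Parse 'key = value' lines; '#' comments and case-insensitive keys are assumed."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def audit(text):
    """Return {option: finding}; empty when no TLS option is set."""
    opts = parse_cnf(text)
    if not TLS_KEYS.intersection(opts):   # assumed test for "TLS in use"
        return {}
    def get(key):
        return opts.get(key, DEFAULTS.get(key, ""))
    def on(key):                          # boolean spellings are an assumption
        return get(key).lower() in ("true", "yes", "1")
    found = {}
    if on("allow_self") and on("verify_cert"):
        found["allow_self"] = "no effect: verify_cert=true rejects self-signed"
    elif on("allow_self"):
        found["allow_self"] = "self-signed accepted: encrypted, not authenticated"
    elif not get("ca_file"):
        found["ca_file"] = "must be set when allow_self=false"
    if not on("verify_cert"):
        found["verify_cert"] = "server certificate is not verified"
    if not on("verify_name"):
        found["verify_name"] = "host name not checked against the certificate"
    # The page warns against SSLv2; SSLv3 is also prohibited (RFC 7568).
    weak = [p for p in get("security").split() if p.upper().startswith("SSL")]
    if weak:
        found["security"] = "legacy protocol enabled: " + " ".join(weak)
    if get("password"):
        found["password"] = "private key password is stored in the file"
    return found

# Constructed sample files, not taken from the page.
WEAK = ("allow_self = true\nverify_cert = false\nverify_name = false\n"
        "security = SSLv2 SSLv3 TLSv1\npassword = changeit  # constructed\n")
HARDENED = "ca_file = ca.pem\nsecurity = TLSv1\n"
if __name__ == "__main__":
    print({"WEAK": audit(WEAK), "HARDENED": audit(HARDENED)})
```

Because the default security value is SSLv3 TLSv1, a TLS configuration that omits the security option is reported as well.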

 
