TCP and UDP input types are suitable for simple input implementations which use TCP connections, as well as for standard Syslog daemons.

With this approach, a client opens a TCP connection to our API server (data.logentries.com) on an assigned port number. We assign the port number when you create an input (i.e. a log file) of this input type in the Logentries UI. The client then sends log lines one by one. For UDP inputs, each packet is treated as a separate line.

When a new TCP/UDP input is created, Logentries assigns a new port number to that input. The input starts in discovery mode. In discovery mode, Logentries waits for the first connection attempt (TCP) or the first packet received (UDP). The sender's IP address is identified and registered so that all future communications can be identified as coming from that particular IP address. Discovery mode is limited to 15 minutes.

The pair of IP address and port number is unique for the client and the client is identified by this pair.

Secure Transport

For untrusted networks, you can force SSL encryption of the communication by using an alternative port number. Just add 10000 to the port number provided and use the api.logentries.com domain.

For example, if your designated port is 12331, change the port number to 22331 to send via SSL.

To test the SSL connection, you can use the telnet-ssl program, which usually needs to be installed separately from telnet. Note that the port number must be increased by 10000.

~$ telnet-ssl -z ssl api.logentries.com PORT
My SSL secured log message


You can use the telnet program to easily test the input:

~$ telnet data.logentries.com PORT
My Log message

Note that if you are testing via telnet, you must connect from the same IP address as the server or router that you intend to send logs from, since Logentries will register this IP with the PORT number provided.
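The same tests can be scripted. The following Python sender is an added example, not Logentries code: it applies the port-plus-10000 rule, verifies the server certificate and host name on the SSL port, and keeps each message on one line. The function names are hypothetical, and it assumes that a newline ends each log entry on a TCP input.

```python
import socket
import ssl

PLAIN_HOST = "data.logentries.com"  # plain TCP host named on this page
TLS_HOST = "api.logentries.com"     # SSL host named on this page
TLS_PORT_OFFSET = 10000             # "add 10000 to the port number provided"


def endpoint(assigned_port, secure=True):
    """Map the port assigned in the UI to the (host, port) to connect to."""
    limit = 65535 - TLS_PORT_OFFSET if secure else 65535
    if not 1 <= assigned_port <= limit:
        raise ValueError("assigned port out of range: %r" % assigned_port)
    if secure:
        return TLS_HOST, assigned_port + TLS_PORT_OFFSET
    return PLAIN_HOST, assigned_port


def frame(message):
    """Encode one log entry as exactly one line.

    Assumption: the input treats a newline as the end of an entry, so CR/LF
    inside a message are escaped to stop one message becoming several
    entries (log injection through attacker-controlled fields).
    """
    one_line = message.replace("\r", "\\r").replace("\n", "\\n")
    return one_line.encode("utf-8") + b"\n"


def send_lines(assigned_port, messages, secure=True, timeout=10.0):
    """Send messages one line at a time; returns the number of lines sent."""
    host, port = endpoint(assigned_port, secure)
    sock = socket.create_connection((host, port), timeout=timeout)
    if secure:
        # The default context verifies the certificate chain and host name.
        context = ssl.create_default_context()
        sock = context.wrap_socket(sock, server_hostname=host)
    sent = 0
    with sock:
        for message in messages:
            sock.sendall(frame(message))
            sent += 1
    return sent


if __name__ == "__main__":
    # 12331 is the example port from this page; the message is constructed.
    print(endpoint(12331))
    print(frame("login failed user=bob\nforged second entry"))
```

As with the telnet test, run `send_lines` from the IP address that was registered during discovery mode.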