Send syslog messages via TCP

augusto.henriques · March 10, 2025, 9:26am

My colleagues and I are currently working on configuring syslog forwarding on our OmniSwitch 6860E 24-Port Chassis and need assistance in enabling TCP-based syslog transmission to our remote syslog server.
By default, the switch sends syslog messages using UDP port 514. So, we have to configure the switch to forward syslog messages via TCP. We have tested this by manually modifying the syslog-ng configuration in root mode (SHASTA #) and specifying the destination for TCP logging. This approach successfully allows syslog messages to be sent over TCP.
However, the issue we are facing is that these changes are lost upon a switch reboot. We would like to know how to make this configuration persistent across reboots or if there’s any other efficient method of doing this.

Thanks in advance,
Augusto

BennyD · March 10, 2025, 1:54pm

Hey, I would recommend to switch to syslog-over-tls, if your remote syslog server supports this. This will make, by default, use of TCP port 6514. I would prefer this one, before doing any changes in root mode. I have running a syslog-ng on Ubuntu, which is flawlessly receiving encrypted syslog messages by different 6860E´s.

augusto.henriques · March 10, 2025, 3:40pm

Hey Benny, thanks for the recommendation. However, my client’s requirements specify using a specific port 1421. Is it possible to change the default syslog-over-TLS port 6514? I tried running the command swlog output socket <ip> 1421 tls, but it didn’t work.