Integrations/Syslog over TLS Receiver/Setup Guide
Setup Guide

Syslog over TLS Receiver Setup Guide

Follow the steps below to connect, authorize, verify, and schedule collection. If you want help mapping exports to your environment, book a walkthrough.

At a Glance
ConnectionLog collection
CategoryLogging
Guide4 steps
Need help?
We will map modules and reviewer-ready exports to your process.

Steps

Use these as a starting point, then verify collection inside Aurora.

  1. 1
    Configure your syslog sender to forward RFC5424 over TLS to the platform receiver endpoint.
  2. 2
    If your deployment uses **custom TLS termination** for this receiver, provide `server_cert` and `server_key` secrets. Optionally provide `optional_client_ca` for mutual TLS (mTLS).
  3. 3
    If your deployment uses **platform-managed TLS termination**, set `platform_managed_tls=true` in connection config (TLS secrets are not required).
  4. 4
    Send a test syslog message and confirm it is ingested as `security.event` with `source=syslog_tls`.

Credentials

The inputs Aurora needs to authorize and collect proof.

server_certserver_keyoptional_client_ca

Permissions

Aurora requests only the minimum access needed for collection and checks.

Permissions depend on the selected collection mode and configured scope.