Difference between input type "syslog" and "tcp"?


What is the difference between using the syslog and the tcp inputs when dealing with logs?

After reading the 5.6/plugins-inputs-syslog and 5.6/plugins-inputs-tcp pages, I can't guess the pros / cons of each plugins. I also checked 6.0 docs to see if syslog was deprecated but it doesn't seem to.

Any inputs to help deciding why one to use?

Thank you.

1 Like

The syslog input listens for both UDP and TCP packets and parses most syslog inputs out of the box so that few or no additional filters are needed. The tcp input only does TCP and leaves the syslog parsing to other plugins.

1 Like

Ok, thanks.

I've tried both to check. Sending them data in RFC-5424 and RFC-3164.
I have managed to do more things using the tcp input than the syslog.
Not sure if that's expected. Seemed the syslog input didn't like to get various format.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.