Syslog Streaming
CSO supports syslog streaming services starting in Release 6.3.0. The streaming services enable users to receive device syslog notifications. The syslogs are streamed in real time over WebSocket (SSE) connections. The processed syslogs are also stored in the Cassandra database and can be retrieved through REST API calls.
To use streaming services in on-premises deployments, you must enable the streaming option during the install or upgrade procedure.
Syslogs received from the devices are classified into two categories:
- Security logs
- Traffic logs
The APPTRACK and RT_FLOW log types are classified as traffic logs.
You can retrieve the syslogs at the tenant level by using the log type classification (security or traffic). Use the API authentication mechanism (x-auth-token in the request header) to access logs through both API calls and streaming. CSO supports a maximum of three WebSocket connections for each syslog category per tenant. The streaming database (Kafka) is purged after 24 hours and the Cassandra database is purged after 7 days.
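The classification rule and the two retention windows above, as an added example (not CSO code): it sorts Junos-style structured syslog lines into the security and traffic categories and reports which store (the Kafka stream, or Cassandra through the REST API) can still serve each record. The RFC 5424 line format, the sample lines and the function names are assumptions for the example, not CSO API details.

```python
import re
from datetime import datetime, timedelta, timezone

# Classification rule from the text: APPTRACK and RT_FLOW log types are traffic, the rest security.
TRAFFIC_TAG_PREFIXES = ("APPTRACK", "RT_FLOW")
KAFKA_RETENTION = timedelta(hours=24)    # streaming store (Kafka) is purged after 24 hours
CASSANDRA_RETENTION = timedelta(days=7)  # REST-queryable store (Cassandra) is purged after 7 days
# Assumed input: RFC 5424 structured syslog as Junos devices emit it,
#   <PRI>1 TIMESTAMP HOST APP-NAME PROCID MSGID [sd] msg  (MSGID such as RT_FLOW_SESSION_CREATE is the log type)
LINE_RE = re.compile(r"^<\d+>1 (?P<ts>\S+) (?P<host>\S+) \S+ \S+ (?P<tag>[A-Z0-9_]+) ")

def parse(line):
    """Return (log_type, timestamp) for a parseable record, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("tag"), datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))

def classify(log_type):
    """'traffic' for APPTRACK/RT_FLOW log types, 'security' for everything else."""
    return "traffic" if log_type.startswith(TRAFFIC_TAG_PREFIXES) else "security"

def availability(logged_at, now):
    """Which store still serves a record at `now`: 'stream+rest', 'rest' or 'expired'."""
    age = now - logged_at
    if age <= KAFKA_RETENTION:
        return "stream+rest"   # still in Kafka: WebSocket stream and REST both work
    if age <= CASSANDRA_RETENTION:
        return "rest"          # Kafka purged; only the REST API (Cassandra) has it
    return "expired"           # purged from both stores

def summarize(lines, now):
    counts = {"security": 0, "traffic": 0, "stream+rest": 0, "rest": 0, "expired": 0, "unparsed": 0}
    for line in lines:
        rec = parse(line)
        if rec is None:        # not a structured syslog record: count it, do not guess a category
            counts["unparsed"] += 1
            continue
        counts[classify(rec[0])] += 1
        counts[availability(rec[1], now)] += 1
    return counts

# Constructed sample lines (not real device output); NOW is 2024-05-02T08:00Z.
SAMPLE_LINES = [
    '<14>1 2024-05-01T10:00:00Z srx1 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.129 source-address="10.0.0.5"] session created',
    '<14>1 2024-05-02T07:55:00Z srx1 APPTRACK - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.129 application="HTTP"] session closed',
    '<12>1 2024-04-29T10:00:00Z srx1 RT_IDS - RT_SCREEN_TCP [junos@2636.1.1.1.2.129 attack-name="SYN flood"] screen alarm',
    '<12>1 2024-04-20T10:00:00Z srx1 RT_IDS - RT_SCREEN_ICMP [junos@2636.1.1.1.2.129 attack-name="ICMP flood"] screen alarm',
    "not a syslog line",
]
NOW = datetime(2024, 5, 2, 8, 0, tzinfo=timezone.utc)
```

Calling `summarize(SAMPLE_LINES, NOW)` shows that the 11-day-old screen alarm is already gone from both stores, while the 3-day-old one is only reachable through the REST API.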
For information about the APIs, see the API Reference Guide.