Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Syslog Streaming

CSO supports syslog streaming services starting in Release 6.3.0. The streaming services enable users to access the device syslog notifications. The syslogs are streamed in real-time using WebSocket (SSE) connections. The processed syslogs are also stored in the Cassandra database and can be retrieved through REST API calls.


To use streaming services in on-premises deployments, you must enable the streaming option during the install or upgrade procedure.

Syslogs received from the devices are classified into two categories:

  • Security logs

  • Traffic logs

    The APPTRACK and RT_FLOW log types are classified as traffic logs.

You can retrieve the syslogs at the tenant-level by using the log type classification (security or traffic). Use the API authentication mechanism (x-auth-token in the header) to access logs through API calls and streaming. CSO supports a maximum of three WebSocket connections for each syslog category per tenant. The streaming database (Kafka) is purged after 24 hours and the Cassandra database is purged after 7 days.

For information about the APIs, see the API Reference Guide.