This module accepts UDP datagrams on the configured address and port. UDP is the transport protocol of the legacy BSD Syslog as described in RFC 3164, so this module can be particularly useful to receive such messages from older devices which do not support other transports.
|UDP is an unreliable transport protocol, and does not guarantee delivery. Messages may not be received or may be truncated. It is recommended to use the TCP or SSL transport modules instead, if possible.|
To reduce the likelihood of message loss, consider:
|This module provides no access control. Firewall rules can be used to drop log events from certain hosts.|
The im_udp module accepts the following directives in addition to the common module directives.
The module will accept messages on this IP address or DNS hostname. The default is
The module will listen for incoming connections on this port number. The default is port 514.
This optional directive sets the socket buffer size (SO_RCVBUF) to the value specified. If not set, the operating system defaults are used. If UDP packet loss is occurring at the kernel level, setting this to a high value (such as
150000000) may help. On Windows systems the default socket buffer size is extremely low, and using this option is highly recommended.
This boolean directive specifies that the
recvmmsg()system call should be used, if available, to receive multiple messages per call to improve performance. The default is TRUE.
The following fields are used by im_udp.
The received string.
The IP address of the remote host.