Configures Syslog connections. You can send syslog messages to syslog servers and perform secure log transmission to central log servers over TCP/UDP according to RFC standards.
Transfers Apinizer logs to a central syslog collector with low latency through the connection.
Flexible Log Transport
Provides flexible log transport compatible with different organization standards through TCP/UDP, TLS, and message format options.
Environment-Based Configuration
Provides common naming and versioning while maintaining Development/Test/Production separation through environment-based configuration.
Security Warning
Logs transmitted in UDP mode have no delivery guarantee; prefer TCP + SSL/TLS for critical flows.
Working Principle
Connection Initiation
When a Syslog connection is requested from within an Integration Flow or Connector, the system reads the configured connection parameters.
Connection Pool Management
In TCP mode, a persistent socket is opened for each environment, and automatic reconnection is applied when the active connection closes; in UDP mode, sending is stateless.
Authentication
If TLS is used, certificate-based authentication is applied; otherwise, the syslog server’s IP-based security policies come into play.
Data Communication
Log messages in RFC 3164/5424/5425 format, together with the hostname and facility/severity fields, are transmitted over the selected protocol.
Connection Management
After the operation completes, the TCP connection returns to the pool; UDP packets require no additional management because they are stateless.
Error Management
In case of a connection error, timeout, or authentication error, details are shown in the deployment-result dialog; error metrics are propagated via Apinizer Event Manager.
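The message layout from the Data Communication step, as an added example (not Apinizer code): it builds RFC 3164 and RFC 5424 lines from a facility/severity pair, caps APP-NAME at 48 characters, strips line breaks from the message body, and applies RFC 5425 octet-count framing. The function names and the sample timestamp, hostname and message are constructed for illustration.

```python
from datetime import datetime, timezone

# Numeric codes from RFC 5424, section 6.2.1 (subset used here)
FACILITY = {"USER": 1, "DAEMON": 3, "AUTH": 4, "LOCAL0": 16, "LOCAL7": 23}
SEVERITY = {"EMERG": 0, "ALERT": 1, "CRIT": 2, "ERROR": 3,
            "WARNING": 4, "NOTICE": 5, "INFO": 6, "DEBUG": 7}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def pri(facility: str, severity: str) -> int:
    """PRI value = facility * 8 + severity; this is what SIEM rules match on."""
    return FACILITY[facility] * 8 + SEVERITY[severity]

def one_line(msg: str) -> str:
    """Replace CR/LF so a logged value cannot start a second, forged record."""
    return msg.replace("\r", " ").replace("\n", " ")

def token(value: str, limit: int) -> str:
    """Header field: printable ASCII, no spaces, length-capped, '-' if empty."""
    return "".join(c for c in value if 33 <= ord(c) <= 126)[:limit] or "-"

def rfc5424(facility, severity, ts, hostname, app_name, msg) -> str:
    stamp = ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    # PROCID, MSGID and STRUCTURED-DATA are left as NILVALUE ("-")
    return (f"<{pri(facility, severity)}>1 {stamp} {token(hostname, 255)} "
            f"{token(app_name, 48)} - - - {one_line(msg)}")

def rfc3164(facility, severity, ts, hostname, app_name, msg) -> str:
    # BSD format: no year or time zone, day of month is space-padded
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"
    tag = "".join(c for c in app_name if c.isascii() and c.isalnum())[:32]
    return f"<{pri(facility, severity)}>{stamp} {token(hostname, 255)} {tag}: {one_line(msg)}"

def frame_rfc5425(syslog_msg: str) -> bytes:
    """RFC 5425 framing over TLS: octet count, one space, then the message."""
    payload = syslog_msg.encode("utf-8")
    return str(len(payload)).encode("ascii") + b" " + payload

if __name__ == "__main__":
    ts = datetime(2025, 11, 3, 10, 15, 30, tzinfo=timezone.utc)  # constructed sample
    line = rfc5424("LOCAL0", "WARNING", ts, "prod-gw01", "ApinizerGateway",
                   "auth failed user=demo\n<0>1 forged")
    print(rfc3164("LOCAL0", "WARNING", ts, "prod-gw01", "ApinizerGateway", "auth failed"))
    print(frame_rfc5425(line))
```

The frame length counts UTF-8 octets, not characters, so a receiver that reads exactly that many bytes stays in sync even when messages contain non-ASCII text.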
Use Cases
SIEM/SOC Integration
Real-time transfer of API Gateway logs to SIEM or SOC platforms
Security Events
Notification of security events (e.g., WS-Security, Authentication errors) to central alarm system
Log Correlation
Providing single log flow for log correlation between operating systems, firewall, and Apinizer services
Test and Validation
Validating new rule/transformation developments in test environment without affecting syslog infrastructure in prod environment
Parameter: Name
Example Value: Production_Syslog
Connection name (must be unique). It cannot start with a space, and special characters should not be used.
Environment
Parameter: Environment
Example Value: prod-env-id
Identity of the published environment where logs will be targeted. The environment list comes via Environment Service; the connection cannot be tested if no selection is made.
Syslog Protocol Type
Parameter: Syslog Protocol Type
Example Value: TCP
TCP or UDP selection via EnumSyslogProtocolType. When TCP is selected, timeout and SSL settings become mandatory.
Syslog Server Hostname
Parameter: Syslog Server Hostname
Example Value: syslog.corp.local
Syslog server name or IP where logs will be sent. An FQDN is recommended; DNS resolution is performed by the gateway.
Syslog Port
Parameter: Syslog Port
Example Value: 514
Syslog listening port. Commonly 514 for UDP and 6514 for TLS.
Syslog Message Format
Parameter: Syslog Message Format
Example Value: RFC_3164
Message body template (RFC 3164/5424/5425). Should be selected according to SIEM expectations.
Syslog App Name
Parameter: Syslog App Name
Example Value: ApinizerGateway
Application name that will appear in messages. Recommended not to exceed 48 characters.
Parameter: Syslog Timeout (TCP)
Example Value: 5000
Wait time in milliseconds for TCP handshake + ACK. Not shown in UDP mode, mandatory in TCP mode.
Optional Parameters
Description
Parameter: Description
Default Value: -
Recommended Value: Specify usage purpose and target syslog cluster
Description about the connection
Syslog Message Hostname
Parameter: Syslog Message Hostname
Default Value: gateway01
Recommended Value: Use a different hostname for each environment to facilitate correlation
Overrides the HOSTNAME field in the log.
Syslog SSL Enabled
Parameter: Syslog SSL Enabled
Default Value: false
Recommended Value: true in Production, self-signed if needed in Test/Dev
Provides TLS encapsulation over TCP.
Deploy To Worker
Parameter: Deploy To Worker
Default Value: true
Recommended Value: Leave true if network isolation exists
Whether the connection will be deployed to worker nodes.
Situation: SOC platform accepts logs with TCP + TLS
Solution: Protocol: TCP, SSL Enabled: true, Port: 6514
Expected Behavior: Logs are transmitted securely over TLS, and facility/severity fields are picked up by SIEM rules
Network Monitoring
Situation: Fast UDP required for correlation with firewall logs
Solution: Protocol: UDP, Port: 514, Message Format: RFC_3164
Expected Behavior: Log flow is performed with low latency; packet loss is tolerated
Application Debug
Situation: Detailed debug log requested in test environment
Solution: Severity: DEBUG, Facility: LOCAL0, Message Hostname: test-gw
Expected Behavior: Test syslog server receives detailed debug events
Situation: Multiple projects will use same global syslog
Solution: Move to Global, Environment ID: admin project, Name prefix: Global_
Expected Behavior: Single connection shared across all projects, changes managed centrally
DR Scenario
Situation: Production logs will be copied to secondary data center (optional)
Solution: Export ZIP, Import to different environment, Port/Hostname updated to DR address
Expected Behavior: DR syslog server starts receiving logs in same format
In this step, you can create a new connection or configure existing connection parameters to set connection rules. Defined parameters directly affect how the connection works and become available for use in Integration Flow or Connector steps.
Select Delete from the ⋮ menu at the end of the row, or click the [Delete] button on the connection detail page.
Delete Tips
Check Before Deleting: The connection may be used in Integration Flow or Connector steps. If necessary, assign an alternative connection. Back up with Export before deleting.
Alternative: Deactivate
Use the Disable option instead of deleting. The connection becomes passive but is not deleted, and it can be reactivated when needed.
In this step, you can export existing connections for backup, moving to different environments, or sharing purposes, or import a previously exported connection again. This operation is used to maintain data integrity in version control, transitions between test and production environments, or inter-team sharing processes.
Export
Method 1
Select ⋮ → Export from action menu. ZIP file is automatically downloaded.
Method 2
Click [Export] button on connection detail page. ZIP file is downloaded.
File Format
Format: Date-connection-ConnectionName-export.zip
Example: 13 Nov 2025-connection-Production_Syslog-export.zip
ZIP Contents
Connection JSON file
Metadata information
Dependency information (e.g., certificates, key store)
Use Cases
Backup
Moving between environments (Test → Prod)
Versioning
Team or project-based sharing
Import
Import Steps
Click [Import Syslog Connection] button on main list.
Select downloaded ZIP file.
System checks: Is format valid? Is there name conflict? Are dependencies present?
Then click [Import] button.
Import Scenarios
Scenario 1: Name Conflict → Overwrite old connection or create with new name.
Scenario 2: Missing Dependencies → Create missing certificates or key stores first or exclude during import.
In this step, you can use the Syslog connection you created in different components of the system. Connections are used by selecting them in Integration Flow, Connector steps, or Scheduled Jobs.
Creating and Activating Connection
Steps:
Create the connection.
Validate connection with Test Connection.
Save and activate with Save and Deploy.
Ensure connection is in Enabled state.
Usage in Integration / Connector Steps
Connection is selected in steps with syslog output such as “Send Message”, “Notify”.
Can also be used for custom log sending in API Gateway policies.
Connection selection is made from Connection field in configuration screen.
Scheduled Job Usage
Jobs that collect logs at certain intervals or perform health checks send notifications via syslog connection.
If environment is changed in job update, connection is automatically adjusted.
Test Usage
Connection correctness can be checked independently from Integration Flow with Connection Test feature.
Bad: Using default RFC 3164 in all environments.
Good: Selecting format according to SIEM requirements.
Best: Versioning and documenting environment-based different formats with Export/Import.
Facility/Severity Planning
Bad: Sending all logs with same severity.
Good: Separating warning and error logs into different severities.
Best: Documenting facility/severity matrix according to incident classification.
Hostname Management
Bad: Leaving default hostname value.
Good: Using environment-based hostname.
Best: Naming in EnvironmentCode-gatewayId format and mapping with CMDB.
Naming Standard
Bad: Space-containing and ambiguous expressions in Name field.
Good: Using environment prefix (Test_Syslog).
Best: Making {Environment}_{Purpose}_{Region} template mandatory.
Environment Management
Bad: Using same connection parameters in all environments.
Good: Creating separate connection for each environment.
Best: Managing all environments in single connection using Environment option, only changing environment during transitions between environments.
Connection Test
Bad: Saving and deploying connection without testing.
Good: Validating with Test Connection before saving.
Best: Testing after every parameter change, performing full integration test in test environment before going to production.
Security Best Practices
Network Segmentation
Make the syslog server accessible only from the relevant gateway subnets. Restrict UDP/TCP ports 514/6514 in the firewall.
TLS Certificate Management
If using TLS, renew certificate chain regularly; use self-signed certificates only in Development environment.
Signing Access Logs
Protect integrity by using TLS + message signature mechanism in RFC 5425 format for critical logs.
Credential Management
Store sensitive information such as usernames and passwords in environment variables or a secret manager. Do not hardcode credentials in code or configuration files. Update passwords periodically.
SSL/TLS Usage
Always enable SSL/TLS in the production environment. Use self-signed certificates only in the development environment. Track certificate expiration dates and renew on time.
Access Control
Allow only authorized users to change connection configuration. Store connection change logs. Apply a change approval process for critical connections.
Don'ts
Sending Critical Logs with UDP
Why avoid: UDP does not provide delivery guarantee, packet loss cannot be controlled.
Alternative: Use TCP + SSL/TLS mode.
Incorrect Facility Usage
Why avoid: SIEM rules are not triggered, alerts are missed.
Alternative: Validate facility/severity map with operations team.
Leaving Hostname Field Empty
Why avoid: Source cannot be distinguished on SIEM side.
Alternative: Use hostname containing environment + region + node identity.
Using Production Connection in Test Environment
Why avoid: Test data may be written to production system, real users may be affected, security risk occurs.
Alternative: Create separate connection for each environment, use environment parameter, separate connection names by adding prefix according to environment (Test_, Prod_).
Very Low Timeout Values
Why avoid: Connection constantly times out in network delays, Integration steps fail.
Alternative: Adjust timeout values according to real usage scenarios, measure network latency and set timeouts accordingly.
Not Using Connection Pool
Why avoid: New connection opens on every request, performance decreases, resource consumption increases, target system load increases.
Alternative: Enable connection pool, adjust pool size according to traffic volume, set up pool monitoring.
Performance Tips
UDP Traffic Balancing
Recommendation: Apply rate limiting on gateway side in UDP mode, add Burst Interval if needed.
Impact: Target syslog server buffer overflow is prevented.
TCP Reconnection
Recommendation: Keep timeout values in 5-10 sec range, verify automatic reconnect behavior during network interruptions.
Impact: Log delivery continuity is maintained.
Format Optimization
Recommendation: Use RFC 5424 only if mandatory, otherwise reduce message size with RFC 3164.
Impact: Bandwidth and storage costs decrease.
Connection Pool Optimization
Recommendation: Set pool size according to peak traffic (recommended: concurrent request count × 1.5), set idle connection timeouts, perform pool health check.
Impact: Connection opening cost decreases by 80%, response times decrease, resource usage is optimized.
Timeout Values Optimization
Recommendation: Measure real network latency, adjust timeout values accordingly, avoid very low or very high timeouts.
Impact: Unnecessary waits are prevented, fast fail-over is provided, user experience improves.
Connection Monitoring
Recommendation: Monitor connection pool usage, track timeout rates, perform connection health check, set up alerting.
Impact: Problems are proactively detected, performance bottlenecks are identified early, downtime decreases.
Can a Syslog connection send to multiple syslog servers at once?
No, each connection targets a single destination; duplicate the connection or use a load balancer for multiple targets.
Do I need to create a new connection when switching from UDP to TCP?
You can update the protocol on the same connection, but it’s recommended to back up with export before the change.
Is additional configuration required to select RFC 5425?
Yes, a syslog server listening on TLS is required, and the Syslog SSL Enabled value must be true.
Which component does the timeout value affect?
It only affects the TCP handshake and ACK wait time; the Integration request is additionally limited by Request Timeout.
Can I share a connection across different projects?
Admin users can move a connection to the global area with the Move to Global action; it can then be used in other projects.
Can I use the same connection in multiple Integration Flows?
Yes, the same connection can be used in multiple Integration Flow or Connector steps. This provides centralized management and guarantees configuration consistency. However, changes made to the connection will affect all usage locations, so care should be taken.
Is using a connection pool mandatory?
Connection pool usage is not mandatory but is strongly recommended in high-traffic systems. Reusing existing connections instead of opening a new connection on every request significantly increases performance.
Should I create different connections for Test and Production?
Yes, it is recommended to create a separate connection for each environment. Alternatively, you can manage all environments in a single connection using the environment parameter. This approach provides easier management and less error risk.
Test Connection is successful but the connection is not working in Integration Flow. Why?
Several reasons may exist:
The connection's enable toggle may be passive
A different connection may be selected in the Integration step