Syslog
Syslog lets you bring telemetry from network devices, firewalls, and other appliances into Jutsu when there is no dedicated connector. Forwarded log lines reach the Ingest API, where they are normalized into events alongside the rest of your data.
Overview
Jutsu accepts generic syslog ingestion into the Ingest API. A forwarder maps each log line to a JSON payload and posts it to the syslog webhook route on the Ingest API (for example, POST /webhooks/syslog), authenticating with an organization-scoped API key. This is a good fit for network gear and appliances that emit syslog over UDP or TCP.
Confirm the exact Ingest API host, base path, webhook route, and any transport ports against your deployment.
Configure your source
- In Jutsu, open the Syslog integration and generate an API key for this source.
- Point your device or appliance at a syslog forwarder that can reach your Jutsu deployment over HTTPS.
- Configure the forwarder to map log lines to the expected JSON shape (a full_logline plus optional host, app, facility, and severity fields) and to send the API key in the request header.
- Send a few lines and confirm the forwarder reports successful delivery.
Transport details (UDP/TCP, ports) and the forwarder setup depend on your deployment. Confirm the exact endpoint and configuration in your Jutsu integration screen.
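The mapping step above, sketched as an added example (not Jutsu's own code): it parses an RFC 3164 style line, decodes the PRI value into facility and severity, and builds the JSON body. The function names, the numeric facility/severity encoding, and the `LOG_FIELD` value are assumptions to confirm against your deployment.

```python
import json
import re

# Assumption: name of the message-body field. The page writes it as both
# full_logline and full_log; confirm which one your deployment expects.
LOG_FIELD = "full_log"

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<app>[^\s:\[]+)(?:\[\d+\])?:\s?"
)

def map_line(raw, log_field=LOG_FIELD):
    """Map one syslog line to a JSON-ready dict, or None if it is empty."""
    line = raw.strip("\r\n\x00 ")
    if not line:
        return None  # an empty body field would be rejected, so skip it
    event = {log_field: line}  # always keep the full original line
    m = _RFC3164.match(line)
    if m:
        pri = int(m.group("pri"))
        if pri <= 191:  # 23 * 8 + 7 is the highest valid PRI value
            event["facility"] = pri >> 3  # assumption: numeric codes
            event["severity"] = pri & 7
        event["host"] = m.group("host")
        event["app"] = m.group("app")
    return event

def to_body(raw):
    """Serialize one line to the JSON request body, or None to skip it."""
    event = map_line(raw)
    return None if event is None else json.dumps(event, ensure_ascii=False)

# Constructed sample lines (not real device output).
SAMPLES = [
    "<134>Oct 11 22:14:15 fw01 filterlog[4242]: block in on em0 "
    "proto tcp 203.0.113.7:51515 > 192.0.2.10:22",
    "interface em0 link state changed",  # no syslog header at all
    "\n",                                # blank line from the device
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(to_body(sample))
```

Lines without a recognizable header are still forwarded with only the body field set, so nothing is silently dropped except blank lines.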
Verify
After your source is forwarding, confirm the pipeline end to end:
- Generate activity on the device so it emits a syslog line (for example, a denied connection on a firewall).
- Confirm the forwarder reports the line was accepted by the Ingest API.
- In Jutsu, open the Events view and confirm the corresponding event appears.
Troubleshooting
If no events arrive after forwarding, work through the most common causes:
| Symptom | Likely cause | Fix |
|---|---|---|
| No events arriving | Invalid or missing API key | Confirm the forwarder sends the key in the request header and regenerate it if needed. |
| No events arriving | Network path blocked | Allow egress from the forwarder to your Jutsu Ingest API host and port. |
| No events arriving | Device not emitting syslog | Confirm the device's syslog output is enabled and reaching the forwarder. |
| Events rejected | Payload doesn't match the expected shape | Map each log line to a JSON body with a non-empty full_log field plus optional metadata. |
| Events delayed | Forwarder backlog | Review forwarder logs for retries and confirm it isn't overloaded. |
If events still don't appear, confirm the Ingest API endpoint and payload mapping against your deployment before opening a support request.
Related
- Custom events — post arbitrary JSON for sources that don't emit syslog.
- Events — explore raw events once they're flowing.
- Integrations — see all available and roadmap sources.