load_tcp
Loads bytes from a TCP or TLS connection.
load_tcp endpoint:string, [parallel=int, tls=bool, cacert=string, certifle=string, keyfile=string, skip_peer_verification=bool, max_buffered_chunks=int { … }]Description
Section titled “Description”Reads bytes from the given endpoint via TCP or TLS.
endpoint: string
Section titled “endpoint: string”The endpoint at which the server will listen. Must be of the form
[tcp://]<hostname>:<port>. Use the hostname 0.0.0.0 to accept connections on
all interfaces.
parallel = int (optional)
Section titled “parallel = int (optional)”Number of threads to use for reading from connections.
Defaults to 1.
tls = bool (optional)
Section titled “tls = bool (optional)”Enables TLS.
Defaults tofalse.
cacert = string (optional)
Section titled “cacert = string (optional)”Path to the CA certificate used to verify the server’s certificate.
Defaults to the Tenzir configuration value tenzir.cacert, which in turn
defaults to a common cacert location for the system.
certfile = string (optional)
Section titled “certfile = string (optional)”Path to the client certificate.
keyfile = string (optional)
Section titled “keyfile = string (optional)”Path to the key for the client certificate.
skip_peer_verification = bool (optional)
Section titled “skip_peer_verification = bool (optional)”Toggles TLS certificate verification.
Defaults to false.
max_buffered_chunks = int (optional)
Section titled “max_buffered_chunks = int (optional)”Maximum number of buffered chunks per connection.
Defaults to 10.
{ … } (optional)
Section titled “{ … } (optional)”The pipeline to run for each individual TCP connection. If none is specified, no
transformations are applied to the output streams. Unless you are sure that
there is at most one active connection at a time, it is recommended to specify a
pipeline that parses the individual connection streams into events, for instance
{ read_json }. Otherwise, the output can be interleaved.
Examples
Section titled “Examples”Listen for incoming Syslog over TCP
Section titled “Listen for incoming Syslog over TCP”Listen on all network interfaces, parsing each individual connection as syslog:
load_tcp "0.0.0.0:8090" { read_syslog }Connect to a remote endpoint and read JSON
Section titled “Connect to a remote endpoint and read JSON”// We know that there is only one connection, so we do not specify a pipeline.load_tcp "example.org:8090", connect=trueread_jsonListen on localhost with TLS enabled
Section titled “Listen on localhost with TLS enabled”Wait for connections on localhost with TLS enabled, parsing incoming JSON
streams according to the schema "my_schema", forwarding no more than 20 events
per individual connection:
load_tcp "127.0.0.1:4000", tls=true, certfile="key_and_cert.pem", keyfile="key_and_cert.pem" { read_json schema="my_schema" head 20}This example may use a self-signed certificate that can be generated like this:
openssl req -x509 -newkey rsa:2048 -keyout key_and_cert.pem -out key_and_cert.pem -days 365 -nodesYou can test the endpoint locally by issuing a TLS connection:
openssl s_client 127.0.0.1:4000