# Syslog

The Syslog source settings page enables custom tagging of syslog traffic on custom ports.

Each defined syslog listener specifies:

* port - an unused port which will listen for incoming events on the event interface
* label - which is tagged to each event which is used for routing events in HyperSec XDR or an external SIEM..
* protocol - protocol to accept, either UDP, TCP, TLS or both UDP and TCP or UDP and TLS. TLS and TCP are mutually exclusive, as TLS is TCP with encryption.

<figure><img src="/files/gT6jdUvLGjXqRQ8OrJgF" alt=""><figcaption></figcaption></figure>

### Create a Syslog Listener

To create a syslog listener, select the **Create new Port Listener** button.

Specify an unused port, a label which will tag each event, and the protocols to accept.

Click OK to create the new listener.

#### TLS Requirements

TLS Syslog connections require certificates to be uploaded through the Certificate Manager and configured through Advanced Settings to be active.

1. Upload the Collector's Certificate, optionally a Certificate Authority and a Private Key through [Web Interface -> Certificates](/configuration/web-interface/certificates.md).
2. Configure the following Advanced Settings through [Web Interface -> System -> Advanced Settings.](/configuration/web-interface/settings/system/advanced-settings.md)

   1. syslog.tls.cert: The full filename of the Certificate uploaded, e.g. collector-syslog.crt.
   2. syslog.tls.ca\_cert: The full filename of a Certificate Authority uploaded, e.g.: my-organization.crt.
   3. syslog.tls.privkey: The full filename of a Private Key uploaded, e.g.: collector-syslog-privkey.pem

   The syslog.tls.cert as a minimum must be configured for TLS connections to be available through syslog.

<figure><img src="/files/dHBJu57uqWcZIsWwMkZl" alt=""><figcaption></figcaption></figure>

### Edit Syslog Listener

To edit an existing syslog listener, select Edit next to the entry to modify. The Port cannot be modified, to change ports the listener must be deleted and then re-created.

Update the Label and/or the Protocols and select OK to update.

<figure><img src="/files/HthJdcQcZo6dowgwMKX2" alt=""><figcaption></figcaption></figure>

### Delete Syslog Listener

To delete a syslog listener, select Delete next to the entry to remove and select OK.

<figure><img src="/files/IlG3tyJfnK0YkPwxOltF" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hypercollector2.docs.hypersec.io/configuration/web-interface/settings/sources/syslog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.