TCP Raw Plaintext Output

This is a Graylog Enterprise feature. A valid Graylog Enterprise license is required.

The TCP Raw/Plaintext Output allows you to send data as UTF-8 encoded text to an arbitrary TCP endpoint (server and port). The data is sent with no additional formatting or encapsulation.

Configure an Output

The TCP Raw/Plaintext Output supports all of the standard Enterprise Output Framework configuration options.

TCP Configuration

  • Destination Hostname/IP
    • The IP address of the system that receives the messages.
  • Destination Port
    • The port on which the destination system listens for messages.
  • Frame Delimiting Method
    • Separates individual messages in the stream.
    • Frame delimiting methods are defined in Sections 3.4.1 and 3.4.2 of IETF RFC 6587.
    • Newline Character A newline character is appended to each message to mark the end of the message. Any newline characters within the message are escaped before sending.
    • Null Character A null character is appended to each message to mark the end of the message. Any null characters within the message are escaped before sending.

    • Octet Counting The length of the message (in bytes) and a space character for separation are prepended to the message. The contents of the message are not altered.

TLS Configuration

  • TLS Trust Certificate Chain File

    • Full, local path to the certificate chain file.

Mutual TLS Configuration

  • Client Certificate File (required if mTLS is enabled)

    • Full, local path to the certificate file to present as the client in the mTLS connection.

  • Client Private Key File (required if mTLS is enabled)

    • Full, local path to the private key to use in the mTLS connection.

  • Server CA Certificate

    • Contents of either the server’s X.509 certificate or a CA X.509 certificate.

There are three different fields that can be used for the server in the mTLS connection. Server CA Certificate is used if provided. If no Server CA Certificate is provided, the TLS Trust Certificate Chain File is used. Finally, if neither of those configuration values are present, the default JDK trust store is used.