How to Configure Advanced Syslog Integration Options
Purpose
Solution
Add BOM Before MSG Field
Add the Unicode byte order mask (BOM) before the MSG field.
Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogWriteUtf8Preamble
Value Type: DWORD (32-Bit) Value
Value Data: 1
The default value is 0 for disabled.
PowerShell command to create this registry value:
Use Octet Count Prefix as Message Delimiter
[For TCP or TLS connections] Use the octet count prefix as a syslog message delimiter instead of \n character
Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogTcpUseOctetCount
Value Type: DWORD (32-Bit) Value
Value Data: 1
The default value is 0 for disabled.
PowerShell command to create this registry value:
TCP Connect Timeout
Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogTcpConnectTimeoutSeconds
Value Type: DWORD (32-Bit) Value
Value Data (Dec): 10
This value controls the TCP connection timeout for establishing communication with the remote syslog server before dropping the message. The default value is 10 seconds.
PowerShell command to create this registry value:
Change the value in the command before executing.
TCP Send Timeout
Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogTcpSendTimeoutSeconds
Value Type: DWORD (32-Bit) Value
Value Data (Dec): 10
This value controls the TCP send timeout before terminating the connection and trying to establish a new one. The default value is 10 seconds.
PowerShell command to create this registry value:
Change the value in the command before executing.
Control Certification Revocation Check Failure Tolerance
Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogCRLCheckMode
Value Type: DWORD (32-Bit) Value
Value Data: 2
This key controls the verification logic of the TLS certificates from Syslog receivers when using the TLS option for Syslog. The key was added for environments where the Veeam Backup Server cannot access the internet and cannot make a check against a CRL (certificate revocation list) to determine if the certificate that the syslog server presents was revoked or not.
Possible Settings:
- 0 - Treat any CRL error as a connection failure.
- 1 - Ignore the 'OfflineRevocation' flag. This flag is raised if the certificate has been checked using cached CRL because the primary CRL is offline.
- 2 - Ignore both the 'OfflineRevocation' flag and the 'RevocationStatusUnknown' flag. This flag is raised if the CRL server is unreachable. (Default)
- 3 - Skip checking CRL altogether.
PowerShell command to create this registry value:
Change the value in the command before executing.
More Information
Syslog event forwarding is based on RFC 5424: The Syslog Protocol.
For TCP/TLS RFC6587 specification is used.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.