TCP (om_tcp)

This module initiates a TCP connection to a remote host and transfers log messages. Or, in Listen mode, this module accepts client connections and multiplexes data to all connected clients. The TCP transfer protocol provides more reliable log transmission than UDP. If security is a concern, consider using the om_ssl module instead.

To examine the supported platforms, see the list of installer packages in the Available Modules chapter.

Configuration

The om_tcp module accepts the following directives in addition to the common module directives. The Host or ListenAddr directive is required.

Required directives

The following directives are required for the module to start.

Use either Host for the connect or ListenAddr for the listen mode.

Host

The module connects to the IP address or hostname defined in this directive. If additional hosts are specified on new lines, the module works in a failover configuration. If a destination becomes unavailable, the module automatically fails over to the next one. If the last destination becomes unavailable, the module fails over to the first destination.

The port number can be defined by appending it at the end of the hostname or IP address using a colon as a separator (host:port). For each destination with no port number defined here, the port number specified in the Port directive is used. Port numbers defined here take precedence over any port number defined in the Port directive. The default port is 514.

When the Host directive is used with a hostname instead of an IP address, the hostname will be resolved to an IP address for each new connection. If a resolver, e.g. DNS, returns multiple IP addresses, the module will connect to the first IP address. If a single output instance is configured with multiple Host directives or the resolver returns multiple addresses for a name, these hosts are accessed in failover mode. If a Host directive is configured with a hostname, the product performs a name lookup and establishes the connection to the first reachable address in the returned set of addresses. The module will remain connected to that address until it is stopped, or the connection is severed. DNS changes are therefore not picked up by the module without intervention. If the connection fails to the first address of the set, the module will attempt to connect to the next address, until it reaches the end of the set of addresses. Then it performs a lookup on the next Host directive, if so configured. Once all options are exhausted, the module will start over from the first Host directive, cycling through them again until the connection can be re-established.

ListenAddr

The module listens for connections on this IP address or DNS hostname. The default is localhost. Add the port number to listen on to the end of a host using a colon as a separator (host:port).

To listen on multiple addresses or ports in a single module instance, this directive can be repeated multiple times. Both IPv4 and IPv6 addresses are supported. If a DNS name is used, the number of addresses or cnames should be kept below 16 to avoid potential issues caused by DNS response size limits.

Port

The module connects to the port number on the destination host defined in this directive. This configuration is only used for any destination that does not have a port number specified in the Host directive. If no port is configured for a destination in either directive, the default port is used, which is port 514. Alternatively, if Listen is set to TRUE, the module listens for connections on this port.

The Port directive will become deprecated from NXLog EE 6.0. After that, the port can only be defined in the Host directive.

Optional directives

Listen

If TRUE, this boolean directive specifies that om_tcp should listen for connections at the local address specified by the Host and Port directives rather than opening a connection to the address. The default is FALSE: om_tcp connects to the specified address.

The Listen directive will become deprecated from NXLog EE 6.0. Use either Host for connect mode or ListenAddr for listen mode.

LocalPort

This optional directive specifies the local port number of the connection. This directive only applies if Listen is set to FALSE. If this is not specified, a random high port number will be used, which is not always ideal in firewalled network environments.

Due to the required TIME-WAIT delay in closing connections, attempts to bind to LocalPort may fail. In such cases, the message Address already in use will be written to nxlog.log. If the situation persists, it could impede network performance.

OutputType

See the OutputType directive in the list of common module directives. The default is LineBased_LF.

QueueInListenMode

If set to TRUE, this boolean directive specifies that events should be queued if no client is connected. If this module’s buffer becomes full, the preceding module in the route will be paused or events will be dropped, depending on whether FlowControl is enabled. This directive only applies if Listen is set to TRUE. The default is FALSE: om_tcp will discard events if no client is connected.

Reconnect

This optional directive sets the reconnect interval in seconds. If it is set, the module attempts to reconnect in every defined second. If it is not set, the reconnect interval will start at 1 second and doubles with every attempt. If the duration of the successful connection is greater than the current reconnect interval, then the reconnect interval will be reset to 1 sec.

The Reconnect directive must be used with caution. If it is used on multiple systems, it can send reconnect requests simultaneously to the same destination, potentially overloading the destination system. It may also cause NXLog to use unusually high system resources or cause NXLog to become unresponsive.

TCPNoDelay

This boolean directive is used to turn off the network optimization performed by Nagle’s algorithm. Nagle’s algorithm is a network optimization tweak that tries to reduce the number of small packets sent out to the network, by merging them into bigger frames, and by not sending them to the other side of the session before receiving the ACK. If this directive is unset, the TCP_NODELAY socket option will not be set.

TCP connections are kept alive by keep-alive packets. This feature is enabled by default and cannot be disabled.

Procedures

The following procedures are exported by om_tcp.

reconnect();

Force a reconnection. This can be used from a Schedule block to periodically reconnect to the server.

The reconnect() procedure must be used with caution. If configured, it can attempt to reconnect after every event sent, potentially overloading the destination system.

Examples

Example 1. Transferring Raw Logs over TCP

With this configuration, NXLog will read log messages from socket and forward them via TCP.

nxlog.conf

<Input uds>
    Module  im_uds
    UDS     /dev/log
</Input>

<Output tcp>
    Module  om_tcp
    Host    192.168.1.1:1514
</Output>

<Route uds_to_tcp>
    Path    uds => tcp
</Route>

Example 2. Sending logs over TCP with Failover

This configuration sends logs via TCP in a failover configuration (multiple Hosts defined).

nxlog.conf

<Output tcp>
    Module  om_tcp
    Host    192.168.1.2:1514
    Host    192.168.1.3:1234
    Host    example.com:1234
</Output>