Skip to content
Integrations/Syslog over TLS Receiver/Connection Guide
Connection Guide

Connect Syslog over TLS Receiver Without Breaking the Audit Trail

Use this guide to connect Syslog over TLS Receiver or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary
Connection typeLog collection
CategoryLogging
Checklist4 steps
Want help with rollout?
We'll confirm what can be automated, what stays export-based, and how to keep the first evidence record clean.

First-Run Checklist

Use this sequence to connect Syslog over TLS Receiver and make sure the first collection lands cleanly.

  1. 1
    Configure your syslog sender to forward RFC5424 over TLS to the platform receiver endpoint.
  2. 2
    If your deployment uses **custom TLS termination** for this receiver, provide `server_cert` and `server_key` secrets. Optionally provide `optional_client_ca` for mutual TLS (mTLS).
  3. 3
    If your deployment uses **platform-managed TLS termination**, set `platform_managed_tls=true` in connection config (TLS secrets are not required).
  4. 4
    Send a test syslog message and confirm it is ingested as `security.event` with `source=syslog_tls`.

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

server_certserver_keyoptional_client_ca

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

Access requirements depend on the collection mode and scope you choose.