#1 Global Leader in Data Protection & Ransomware Recovery
#1 Global Leader in Data Protection & Ransomware Recovery
BACK TO KB LIST

How to Configure Advanced Syslog Integration Options

KB ID: 4522
Product: Veeam Backup & Replication | 12.1
Published: 2023-12-05
Last Modified: 2023-12-05
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Purpose

This article documents advanced configuration options for syslog integration with Veeam Backup & Replication, a new feature starting in version 12.1.

Solution

The following advanced configuration options are available:

Add BOM Before MSG Field

Add the Unicode byte order mask (BOM) before the MSG field.

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogWriteUtf8Preamble
Value Type: DWORD (32-Bit) Value
Value Data: 1

The default value is 0 for disabled.

PowerShell command to create this registry value:

New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'SyslogWriteUtf8Preamble' -Value 1 -PropertyType DWORD -Force

Use Octet Count Prefix as Message Delimiter

[For TCP or TLS connections] Use the octet count prefix as a syslog message delimiter instead of \n character

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogTcpUseOctetCount
Value Type: DWORD (32-Bit) Value
Value Data: 1

The default value is 0 for disabled.

PowerShell command to create this registry value:

New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'SyslogTcpUseOctetCount' -Value 1 -PropertyType DWORD -Force

TCP Connect Timeout

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogTcpConnectTimeoutSeconds
Value Type: DWORD (32-Bit) Value
Value Data (Dec): 10

This value controls the TCP connection timeout for establishing communication with the remote syslog server before dropping the message. The default value is 10 seconds.

PowerShell command to create this registry value:
Change the value in the command before executing.

New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'SyslogWriteUtf8Preamble' -Value 10 -PropertyType DWORD -Force

TCP Send Timeout

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogTcpSendTimeoutSeconds
Value Type: DWORD (32-Bit) Value
Value Data (Dec): 10

This value controls the TCP send timeout before terminating the connection and trying to establish a new one. The default value is 10 seconds.

PowerShell command to create this registry value:
Change the value in the command before executing.

New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'SyslogTcpSendTimeoutSeconds' -Value 10 -PropertyType DWORD -Force

Control Certification Revocation Check Failure Tolerance

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: SyslogCRLCheckMode
Value Type: DWORD (32-Bit) Value
Value Data: 2

This key controls the verification logic of the TLS certificates from Syslog receivers when using the TLS option for Syslog. The key was added for environments where the Veeam Backup Server cannot access the internet and cannot make a check against a CRL (certificate revocation list) to determine if the certificate that the syslog server presents was revoked or not.

Possible Settings:

  • 0 - Treat any CRL error as a connection failure.
  • 1 - Ignore the 'OfflineRevocation' flag. This flag is raised if the certificate has been checked using cached CRL because the primary CRL is offline.
  • 2 - Ignore both the 'OfflineRevocation' flag and the 'RevocationStatusUnknown' flag. This flag is raised if the CRL server is unreachable. (Default)
  • 3 - Skip checking CRL altogether.

PowerShell command to create this registry value:
Change the value in the command before executing.

New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'SyslogCRLCheckMode' -Value 2 -PropertyType DWORD -Force

More Information

Syslog event forwarding is based on RFC 5424: The Syslog Protocol.

For TCP/TLS RFC6587 specification is used.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.