HTTP Event Receiver
LogZilla has a "universal" facility to receive events via HTTP. This is called "universal" because it is not specific to any particular scenario -- it is intended to be used with custom integrations.
LogZilla listens for incoming events via HTTP on its standard HTTP port (configured by logzilla config HTTP_PORT; see section 4.8, Backend Configuration Options), at path /incoming.
Data Format
The events sent to LogZilla need to be formatted as JSON, with structure:
As the JSON array notation indicates, more than one event message can be sent per transmission, if desired. Then each event should have structure:
{
    "host": "testhost.org",
    "program": "testprogram",
    "message": "this is the message",
    "extra_fields": {
        "city": "Atlanta",
        "state": "Georgia"
    }
}
Data Contents
The event fields that can be sent to LogZilla via HTTP are:
Field | Description |
---|---|
host | the originating host of the log message |
program | the program that generated the log message |
severity | the RFC-3164 severity of the event in the message |
facility | the RFC-3164 facility of the event in the message |
extra_fields | individual fields that will be available to the LogZilla rule |
Usage Instructions
When sending events to LogZilla, the API key (with the appropriate header) must be used. This is documented in Obtaining an Auth Token.
NOTE: after generating an authorization token, the LogZilla HTTP receiver module must be restarted. This can be accomplished either via the standard logzilla restart or by restarting just the HTTP receiver module:
Upon successful receipt of a JSON events data element, the HTTP receiver will respond with HTTP status code 200 and message:
Example
An example curl command to show HTTP reception:
curl -H 'Content-Type: application/json' \
     -H 'X-LZ-Access-Key: 7ce02b52bfb225a2b4a0ef992b4c2afe9dc10853aecf97f6' \
     -X POST \
     -d '{ "events": [ { "message": "Test Message", "host": "curl.test", "program": "myapp", "extra_fields": { "city": "Atlanta", "state": "Georgia" } } ] }' \
     'http://lzserver.company.com/incoming'
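
The same request built from a script, as an added example that is not part of the LogZilla documentation: it checks each event against the fields listed above before wrapping it in the "events" array, and takes the API key from the environment instead of the command line. The environment variable name LZ_ACCESS_KEY, the function names, and the numeric RFC 3164 ranges for severity and facility are assumptions.

```python
import json
import os
import urllib.request

# Field names from this page's table and sample event.
ALLOWED = {"host", "program", "message", "severity", "facility", "extra_fields"}
# RFC 3164 numeric ranges; that the receiver wants numeric codes is an assumption.
RANGES = {"severity": range(0, 8), "facility": range(0, 24)}


def build_payload(events):
    """Validate events and wrap them in the {"events": [...]} envelope."""
    for i, ev in enumerate(events):
        unknown = set(ev) - ALLOWED
        if unknown:
            raise ValueError(f"event {i}: unknown fields {sorted(unknown)}")
        for name, valid in RANGES.items():
            if name in ev and ev[name] not in valid:
                raise ValueError(f"event {i}: {name} out of range")
        if not isinstance(ev.get("extra_fields", {}), dict):
            raise ValueError(f"event {i}: extra_fields must be an object")
    return json.dumps({"events": list(events)}).encode("utf-8")


def build_request(url, events, key=None):
    """Build the POST request for the /incoming endpoint."""
    # LZ_ACCESS_KEY is a hypothetical variable name; reading the key from the
    # environment keeps it out of shell history and the process list.
    key = key or os.environ["LZ_ACCESS_KEY"]
    return urllib.request.Request(
        url,
        data=build_payload(events),
        method="POST",
        headers={"Content-Type": "application/json", "X-LZ-Access-Key": key},
    )


def send_events(url, events, key=None, timeout=10):
    """Send the events and return the HTTP status (200 on success)."""
    # urlopen raises HTTPError on 4xx/5xx, so a rejected key is not silent.
    with urllib.request.urlopen(build_request(url, events, key), timeout=timeout) as resp:
        return resp.status
```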