Version: 1.1.x

Uplinks

What are nzyme uplinks?

Nzyme can natively send all recorded frames and related meta-information to log management systems. This opens up several additional use-cases for nzyme:

  • Forensic analysis during incident response. Find out if an attacker has been around before nzyme detected them or investigate what else the attacker did. Use the stored frames to determine who was targeted and if someone was successfully compromised.
  • Long-term storage and trending using the visualization features of the log management system.
  • Additional custom alerting using the correlation and alerting engine of the log management system.

Available uplink types

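Currently, nzyme supports the following uplink types (listed by the type identifier used in the configuration):

  • graylog
  • syslog_udp_rfc5424
  • syslog_udp_rfc3164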

Configuration

You can configure as many uplinks as you wish. The following example configures an uplink of each available type and shows all available configuration options:

uplinks: [
  {
    type: graylog
    configuration: {
      host: logs.example.org
      port: 9001
    }
  }
  {
    type: syslog_udp_rfc5424
    configuration: {
      host: logs.example.org
      port: 9002
    }
  }
  {
    type: syslog_udp_rfc3164
    configuration: {
      host: logs.example.org
      port: 9003
    }
  }
]
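A receiver-side check for the two syslog uplinks configured above, as an added example that is not part of the nzyme documentation or code base: it classifies UDP payloads as RFC 5424 or RFC 3164 and reports any port that receives the wrong framing. The sample datagrams are constructed; their host name, tag and message text are assumptions, not output captured from nzyme.

```python
import re
import socket

# Ports taken from the example configuration on this page.
EXPECTED = {9002: "rfc5424", 9003: "rfc3164"}

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>[1-9]\d? (?:-|\d{4}-\d{2}-\d{2}T\S+) "
    r"(?P<host>\S+) \S+ \S+ \S+ (?P<rest>.*)$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) (?P<rest>.*)$", re.S)

# Constructed datagrams; host, tag and message text are assumptions,
# not output captured from nzyme.
SAMPLE_5424 = b"<134>1 2024-01-01T12:00:00.000Z sensor-1 nzyme - - - constructed record"
SAMPLE_3164 = b"<134>Jan  1 12:00:00 sensor-1 nzyme: constructed record"

def classify(datagram: bytes) -> dict:
    """Identify the syslog framing of one UDP payload and decode PRI."""
    text = datagram.decode("utf-8", errors="replace")
    for name, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = pattern.match(text)
        if m and int(m["pri"]) <= 191:  # PRI = facility * 8 + severity
            pri = int(m["pri"])
            return {"format": name, "facility": pri >> 3,
                    "severity": pri & 7, "host": m["host"]}
    return {"format": "unknown"}

def mismatches(received, expected=EXPECTED):
    """Return (port, seen_format) for datagrams in the wrong format."""
    seen = [(port, classify(data)["format"]) for port, data in received]
    return [(port, fmt) for port, fmt in seen if expected.get(port) != fmt]

def listen(port: int, count: int = 5) -> list:
    """Collect `count` datagrams from a UDP port as (port, payload)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        return [(port, s.recvfrom(65535)[0]) for _ in range(count)]

if __name__ == "__main__":
    # Offline run on the constructed samples; an empty list means no mismatch.
    print(mismatches([(9002, SAMPLE_5424), (9003, SAMPLE_3164)]))
```

On the log host, `mismatches(listen(9002))` runs the same check against live datagrams when no other listener is already bound to that port.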