
Stratora v2.2.0 -- Syslog Destinations

Stratora Team

Stratora 2.2.0 is available. This release introduces Syslog Destinations, enabling real-time forwarding of every Stratora audit event to one or more external syslog receivers — for compliance log retention (SOC 2, HIPAA, PCI-DSS) and centralized security monitoring alongside your existing SIEM.

Syslog Destinations

Every action Stratora records in its audit log — sign-ins, configuration changes, alert acknowledgments, license operations, and more — is now eligible for real-time forwarding to an external receiver. Configure destinations from Settings → Syslog Destinations using a 4-step wizard (Details → Connection → Format → Review).

The destination set supports the receivers most organizations already run:

  • Splunk — Universal Forwarder, HTTP Event Collector, or syslog-ng front-end
  • Elastic Stack — Logstash with the syslog input plugin
  • Graylog — native syslog inputs (UDP, TCP, TCP+TLS)
  • Any RFC-compliant syslog receiver — UDP, TCP, or TCP+TLS transport, with RFC 5424 (modern, structured-data) or RFC 3164 (legacy BSD) framing

For TLS-protected receivers signed by an internal CA, the wizard accepts a custom CA upload at Step 3 so you can trust your internal certificate chain without touching the OS trust store.

Per-destination isolation

Each destination ships independently with its own bounded retry queue. A slow or failing destination doesn't block events to a healthy one — if your Splunk indexer is down for maintenance, your Graylog backup continues receiving events unimpeded.

A new three-state passive health classification (Healthy / Failing / Unknown) tells you at a glance which destinations are working. Health reflects shipping reliability only — not event volume — so a destination that simply hasn't received events recently (because the system is quiet) remains Healthy. A rich tooltip on each destination's status pill surfaces last-shipped time, last-failure message, and shipped/dropped counters on hover.

When any destination enters the Failing state, a banner appears at the top of every page (admin-only, dismissible per page view) so the condition surfaces immediately rather than waiting for someone to visit the Syslog Destinations list.

Wire format validation

Stratora's RFC 5424 encoder has been validated against rsyslog 8.2102 (Rocky Linux 8) and rsyslog 8.2504 (Debian 13). Wire format is byte-identical across both receivers, ensuring consistent SIEM ingest regardless of which collector platform sits in front of your final indexer.
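
To spot-check what a destination actually delivers, a receiver-side parser for the RFC 5424 layout can be run over captured lines. This is an added example, not Stratora code: the sample line, its hostname, app name, MSGID, and the `example@32473` structured-data element with its parameter names are constructed and do not reflect Stratora's actual event schema.

```python
import re

TS = r"(-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?(?:Z|[+-]\d\d:\d\d))"
# HEADER = <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP
HEADER = re.compile(r"<(\d{1,3})>([1-9]\d{0,2}) " + TS + r" (\S+) (\S+) (\S+) (\S+) ")
# PARAM-VALUE must backslash-escape '"', '\' and ']' (RFC 5424 section 6.3.3)
PARAM_NC = r' [^ =\]"]+="(?:\\.|[^"\\\]])*"'
SD_PARAM = re.compile(r' ([^ =\]"]+)="((?:\\.|[^"\\\]])*)"')
SD_ELEMENT = re.compile(r'\[([^ =\]"]+)((?:' + PARAM_NC + r')*)\]')

# Constructed sample (facility 13 "log audit", severity 6), not real Stratora output
SAMPLE = (r'<110>1 2025-01-15T10:22:31.123Z stratora-host stratora 4242 AUDIT '
          r'[example@32473 action="user.login" detail="say \"hi\" \]ok"] '
          r'sign-in succeeded')


def parse_rfc5424(line):
    """Return the decoded fields of one RFC 5424 message, or raise ValueError."""
    m = HEADER.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid RFC 5424 header (RFC 3164 or malformed input)")
    pri, rest, sd = int(m.group(1)), line[m.end():], {}
    if rest.startswith("-"):          # NILVALUE: no structured data
        rest = rest[1:]
    else:
        while (e := SD_ELEMENT.match(rest)):
            # Undo the three mandated escapes so values compare as sent
            sd[e.group(1)] = {k: re.sub(r'\\(["\\\]])', r"\1", v)
                              for k, v in SD_PARAM.findall(e.group(2))}
            rest = rest[e.end():]
        if not sd:
            raise ValueError("malformed STRUCTURED-DATA")
    if rest and not rest.startswith(" "):
        raise ValueError("unexpected bytes after STRUCTURED-DATA")
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(3),
            "hostname": m.group(4), "app_name": m.group(5), "procid": m.group(6),
            "msgid": m.group(7), "sd": sd, "msg": rest[1:]}


if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

A line that raises on the header check is either RFC 3164 output or a framing problem, which is the first thing to rule out when a SIEM shows events with unparsed fields.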

Getting started

See Syslog Destinations for the full setup walkthrough and per-SIEM integration guides covering Splunk, Elastic, and Graylog end-to-end.

Bundled components

  • Agent 2.2.0 (Windows)
  • Agent 2.2.0 (Linux)
  • Collector 2.2.0

Downloads: github.com/Stratora-Platforms/stratora-releases/releases/tag/v2.2.0