---
title: Socket Source
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Observability Pipelines > Sources > Socket Source
---

# Socket Source

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site). ().
{% /alert %}

{% /callout %}
Available for:
{% icon name="icon-logs" /%}
 Logs 
## Overview{% #overview %}

Use Observability Pipelines' Socket source to send logs to the Worker over a socket connection (TCP or UDP).

## Prerequisites{% #prerequisites %}

If your forwarders are globally configured to enable SSL, you need the appropriate TLS certificates and the password for your private key.

## Setup{% #setup %}

Set up this source when you [set up a pipeline](https://docs.datadoghq.com/observability_pipelines/configuration/set_up_pipelines/). You can set up a pipeline in the [UI](https://app.datadoghq.com/observability-pipelines), using the [API](https://docs.datadoghq.com/api/latest/observability-pipelines/), or with [Terraform](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/observability_pipeline). The instructions in this section are for setting up the source in the UI.

{% alert level="danger" %}
Only enter the identifiers for the socket address and, if applicable, the TLS key pass. Do not enter the actual values.
{% /alert %}

1. Enter the identifier for your socket address. If you leave it blank, the default is used.
1. In the **Mode** dropdown menu, select the socket type to use.
1. In the **Framing** dropdown menu, select how to delimit the stream of events.
| FRAMING METHOD        | DESCRIPTION                                                                                                                               |
| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
| `newline_delimited`   | Byte frames are delimited by a newline character.                                                                                         |
| `bytes`               | Byte frames are passed through as-is according to the underlying I/O boundaries (for example, split between messages or stream segments). |
| `character_delimited` | Byte frames are delimited by a chosen character.                                                                                          |
| `chunked_gelf`        | Byte frames are chunked GELF messages.                                                                                                    |
| `octet_counting`      | Byte frames are delimited according to the octet counting format.                                                                         |

### Optional settings{% #optional-settings %}

If you selected **TCP** mode, toggle the switch to **Enable TLS**. The following certificate and key files are required for TLS.**Note**: All file paths are made relative to the configuration data directory, which is `/var/lib/observability-pipelines-worker/config/` by default. See [Advanced Worker Configurations](https://docs.datadoghq.com/observability_pipelines/configuration/install_the_worker/advanced_worker_configurations/) for more information. The file must be owned by the `observability-pipelines-worker group` and `observability-pipelines-worker` user, or at least readable by the group or user.

- Enter the identifier for your socket key pass. If you leave it blank, the default is used.
- `Server Certificate Path`: The path to the certificate file that has been signed by your Certificate Authority (CA) root file in DER or PEM (X.509).
- `CA Certificate Path`: The path to the certificate file that is your Certificate Authority (CA) root file in DER or PEM (X.509).
- `Private Key Path`: The path to the `.key` private key file that belongs to your Server Certificate Path in DER or PEM (PKCS #8) format.

## Set secrets{% #set-secrets %}

These are the defaults used for secret identifiers and environment variables.

**Note**: If you enter secret identifiers and then choose to use environment variables, the environment variable is the identifier entered and prepended with `DD_OP`. For example, if you entered `PASSWORD_1` for a password identifier, the environment variable for that password is `DD_OP_PASSWORD_1`.

{% tab title="Secrets Management" %}

- Socket address identifier:
  - References the address and port where the Observability Pipelines Worker listens for incoming logs.
  - The default identifier is `SOURCE_SOCKET_ADDRESS`.
- Socket TLS passphrase identifier (when TLS is enabled):
  - The default identifier is `SOURCE_SOCKET_KEY_PASS`.

{% /tab %}

{% tab title="Environment Variables" %}

- Socket address:

  - The address and port where the Observability Pipelines Worker listens for incoming logs.
  - The default environment variable is `DD_OP_SOURCE_SOCKET_ADDRESS`.

- TLS passphrase (when enabled):

  - The default environment variable is `DD_OP_SOURCE_SOCKET_KEY_PASS`.

{% /tab %}