---
title: Socket Source
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Observability Pipelines > Sources > Socket Source
---

# Socket Source

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}
Available for:
{% icon name="icon-logs" /%}
 Logs 
## Overview{% #overview %}

Use Observability Pipelines' Socket source to send logs to the Worker over a socket connection (TCP or UDP).

## Prerequisites{% #prerequisites %}

If your forwarders are globally configured to enable SSL, you need the appropriate TLS certificates and the password for your private key.

## Setup{% #setup %}

Set up this source when you [set up a pipeline](https://docs.datadoghq.com/observability_pipelines/configuration/set_up_pipelines.md). You can set up a pipeline in the [UI](https://app.datadoghq.com/observability-pipelines), using the [API](https://docs.datadoghq.com/api/latest/observability-pipelines.md), or with [Terraform](https://registry.terraform.io/providers/datadog/datadog/latest/docs/resources/observability_pipeline). The instructions in this section are for setting up the source in the UI.

{% alert level="danger" %}
For Secrets Management: Only enter the identifiers for the socket address and, if applicable, the TLS key pass. Do not enter the actual values.
{% /alert %}

{% alert level="info" %}
If you enter secret identifiers and then choose to use environment variables, the environment variable is the identifier entered and prepended with `DD_OP_`. For example, if you entered `PASSWORD_1` for a password identifier, the environment variable for that password is `DD_OP_PASSWORD_1`.
{% /alert %}

After you select the Socket source in the pipeline UI:

1. Enter the identifier for your socket address. If you leave it blank, the default is used.
1. In the Mode dropdown menu, select the socket type to use.
1. In the Framing dropdown menu, select how to delimit the stream of events.
| FRAMING METHOD        | DESCRIPTION                                                                                                                               |
| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
| `newline_delimited`   | Byte frames are delimited by a newline character.                                                                                         |
| `bytes`               | Byte frames are passed through as-is according to the underlying I/O boundaries (for example, split between messages or stream segments). |
| `character_delimited` | Byte frames are delimited by a chosen character.                                                                                          |
| `chunked_gelf`        | Byte frames are chunked GELF messages.                                                                                                    |
| `octet_counting`      | Byte frames are delimited according to the octet counting format.                                                                         |

### Optional TLS settings{% #optional-tls-settings %}

Toggle the switch to **Enable TLS**.

- If you are using Secrets Management, enter the identifier for the key pass. See Set secrets for the default used if the field is left blank.
- The following certificate and key files are required:
  - `Server Certificate Path`: The path to the certificate file that has been signed by your Certificate Authority (CA) root file in DER, PEM, or CRT (X.509).
  - `CA Certificate Path`: The path to the certificate file that is your Certificate Authority (CA) root file in DER, PEM, or CRT (X.509).
  - `Private Key Path`: The path to the `.key` private key file that belongs to your Server Certificate Path in DER, PEM, or CRT (PKCS #8) format.
  - **Notes**:
    - The configuration data directory `/var/lib/observability-pipelines-worker/config/` is automatically appended to the file paths. See [Advanced Worker Configurations](https://docs.datadoghq.com/observability_pipelines/configuration/install_the_worker/advanced_worker_configurations.md) for more information.
    - The file must be readable by the `observability-pipelines-worker` group and user.

- (Optional) Toggle **Verify certificate** to require connecting clients to present a valid client certificate. This enforces mutual TLS (mTLS), where the Worker verifies the identity of each connecting client.

## Secret defaults{% #secret-defaults %}

These are the defaults used for secret identifiers and environment variables.

{% tab title="Secrets Management" %}

- Socket address identifier:
  - References the address and port where the Observability Pipelines Worker listens for incoming logs.
  - The default identifier is `SOURCE_SOCKET_ADDRESS`.
- Socket TLS passphrase identifier (when TLS is enabled):
  - The default identifier is `SOURCE_SOCKET_KEY_PASS`.

{% /tab %}

{% tab title="Environment Variables" %}

- Socket address:

  - The address and port where the Observability Pipelines Worker listens for incoming logs.
  - The default environment variable is `DD_OP_SOURCE_SOCKET_ADDRESS`.

- TLS passphrase (when enabled):

  - The default environment variable is `DD_OP_SOURCE_SOCKET_KEY_PASS`.

{% /tab %}