You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: pipeline/outputs/syslog.md
+37-43Lines changed: 37 additions & 43 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,46 +1,40 @@
1
1
# Syslog
2
2
3
-
The Syslog output plugin allows you to deliver messages to Syslog servers. It supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP or TLS.
4
-
5
-
As of Fluent Bit v1.5.3 the configuration is very strict.
6
-
You must be aware of the structure of your original record so you can configure the plugin to use specific keys to compose your outgoing Syslog message.
7
-
8
-
> Future versions of Fluent Bit are expanding this plugin feature set to support better handling of keys and message composing.
| host | Domain or IP address of the remote Syslog server. | 127.0.0.1 |
15
-
| port | TCP or UDP port of the remote Syslog server. | 514 |
16
-
| mode | Desired transport type. Available options are `tcp` and `udp`. | udp |
17
-
| syslog\_format | The Syslog protocol format to use. Available options are `rfc3164` and `rfc5424`. | rfc5424 |
18
-
| syslog\_maxsize | The maximum size allowed per message. The value must be an integer representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by `syslog_format`.<br><br>`rfc3164` sets max size to 1024 bytes.<br><br>`rfc5424` sets the size to 2048 bytes. ||
19
-
| syslog\_severity\_key | The key name from the original record that contains the Syslog severity number. This configuration is optional. ||
20
-
| syslog\_severity\_preset | The preset severity number. It will be overwritten if `syslog_severity_key` is set and a key of a record is matched. This configuration is optional. | 6 |
21
-
| syslog\_facility\_key | The key name from the original record that contains the Syslog facility number. This configuration is optional. ||
22
-
| syslog\_facility\_preset | The preset facility number. It will be overwritten if `syslog_facility_key` is set and a key of a record is matched. This configuration is optional. | 1 |
23
-
| syslog\_hostname\_key | The key name from the original record that contains the hostname that generated the message. This configuration is optional. ||
24
-
| syslog\_hostname\_preset | The preset hostname. It will be overwritten if `syslog_hostname_key` is set and a key of a record is matched. This configuration is optional. ||
25
-
| syslog\_appname\_key | The key name from the original record that contains the application name that generated the message. This configuration is optional. ||
26
-
| syslog\_appname\_preset | The preset application name. It will be overwritten if `syslog_appname_key` is set and a key of a record is matched. This configuration is optional. ||
27
-
| syslog\_procid\_key | The key name from the original record that contains the Process ID that generated the message. This configuration is optional. ||
28
-
| syslog\_procid\_preset | The preset process ID. It will be overwritten if `syslog_procid_key` is set and a key of a record is matched. This configuration is optional. ||
29
-
| syslog\_msgid\_key | The key name from the original record that contains the Message ID associated to the message. This configuration is optional. ||
30
-
| syslog\_msgid\_preset | The preset message ID. It will be overwritten if `syslog_msgid_key` is set and a key of a record is matched. This configuration is optional. ||
31
-
| syslog\_sd\_key | The key name from the original record that contains a map of key/value pairs to use as Structured Data \(SD\) content. The key name is included in the resulting SD field as shown in examples below. This configuration is optional. ||
32
-
| syslog\_message\_key | The key name from the original record that contains the message to deliver. Note that this property is **mandatory**, otherwise the message will be empty. ||
33
-
| allow\_longer\_sd\_id | If true, Fluent-bit allows SD-ID that is longer than 32 characters. Such long SD-ID violates RFC 5424. | false |
34
-
| workers | The number of [workers](../../administration/multithreading.md#outputs) to perform flush operations for this output. |`0`|
3
+
The _Syslog_ output plugin lets you deliver messages to Syslog servers. It supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP or TLS.
4
+
5
+
## Configuration parameters
6
+
7
+
| Key | Description | Default |
8
+
| --- | ----------- | ------- |
9
+
|`host`| Domain or IP address of the remote Syslog server. |`127.0.0.1`|
10
+
|`port`| TCP or UDP port of the remote Syslog server. |`514`|
11
+
|`mode`| Desired transport type. Available options are `tcp` and `udp`. |`udp`|
12
+
|`syslog_format`| The Syslog protocol format to use. Available options are `rfc3164` and `rfc5424`. |`rfc5424`|
13
+
|`syslog_maxsize`| The maximum size allowed per message. The value must be an integer representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by `syslog_format`. The value `rfc3164` sets max size to 1024 bytes, and `rfc5424` sets the size to 2048 bytes. |_none_|
14
+
|`syslog_severity_key`| The key name from the original record that contains the Syslog severity number. This configuration is optional. |_none_|
15
+
|`syslog_severity_preset`| The preset severity number. It will be overwritten if `syslog_severity_key` is set and a key of a record is matched. This configuration is optional. |`6`|
16
+
|`syslog_facility_key`| The key name from the original record that contains the Syslog facility number. This configuration is optional. |_none_|
17
+
|`syslog_facility_preset`| The preset facility number. It will be overwritten if `syslog_facility_key` is set and a key of a record is matched. This configuration is optional. |`1`|
18
+
|`syslog_hostname_key`| The key name from the original record that contains the hostname that generated the message. This configuration is optional. |_none_|
19
+
|`syslog_hostname_preset`| The preset hostname. It will be overwritten if `syslog_hostname_key` is set and a key of a record is matched. This configuration is optional. |_none_|
20
+
|`syslog_appname_key`| The key name from the original record that contains the application name that generated the message. This configuration is optional. |_none_|
21
+
|`syslog_appname_preset`| The preset application name. It will be overwritten if `syslog_appname_key` is set and a key of a record is matched. This configuration is optional. |_none_|
22
+
|`syslog_procid_key`| The key name from the original record that contains the Process ID that generated the message. This configuration is optional. |_none_|
23
+
|`syslog_procid_preset`| The preset process ID. It will be overwritten if `syslog_procid_key` is set and a key of a record is matched. This configuration is optional. |_none_|
24
+
|`syslog_msgid_key`| The key name from the original record that contains the Message ID associated to the message. This configuration is optional. |_none_|
25
+
|`syslog_msgid_preset`| The preset message ID. It will be overwritten if `syslog_msgid_key` is set and a key of a record is matched. This configuration is optional. |_none_|
26
+
|`syslog_sd_key`| The key name from the original record that contains a map of key/value pairs to use as Structured Data \(SD\) content. The key name is included in the resulting SD field as shown in the examples in this doc. This configuration is optional. |_none_|
27
+
|`syslog_message_key`| The key name from the original record that contains the message to deliver. Be aware that this property is required, otherwise the message will be empty. |_none_|
28
+
|`allow_longer_sd_id`| If `true`, Fluent-bit allows SD-ID values that are longer than 32 characters. SD-ID values that exceed 32 characters violate RFC5424 standards. |`false`|
29
+
|`workers`| The number of [workers](../../administration/multithreading.md#outputs) to perform flush operations for this output. |`0`|
35
30
36
31
### TLS / SSL
37
32
38
-
The Syslog output plugin supports TLS/SSL.
39
-
For more details about the properties available and general configuration, see [TLS/SSL](../../administration/transport-security.md).
33
+
The Syslog output plugin supports TLS/SSL. For more details about the properties available and general configuration, see [TLS/SSL](../../administration/transport-security.md).
40
34
41
35
## Examples
42
36
43
-
### Configuration File
37
+
### Configuration file
44
38
45
39
Get started quickly with this configuration file:
46
40
@@ -49,7 +43,7 @@ Get started quickly with this configuration file:
49
43
50
44
```yaml
51
45
pipeline:
52
-
46
+
53
47
outputs:
54
48
- name: syslog
55
49
match: "*"
@@ -93,7 +87,7 @@ pipeline:
93
87
{% endtab %}
94
88
{% endtabs %}
95
89
96
-
### Structured Data
90
+
### Structured data
97
91
98
92
The following is an example of how to configure the `syslog_sd_key` to send Structured Data to the remote Syslog server.
99
93
@@ -121,7 +115,7 @@ Example configuration file:
121
115
122
116
```yaml
123
117
pipeline:
124
-
118
+
125
119
outputs:
126
120
- name: syslog
127
121
match: "*"
@@ -169,18 +163,18 @@ Example output:
169
163
...
170
164
```
171
165
172
-
### Adding Structured Data Authentication Token
166
+
### Add structured data authentication token
167
+
168
+
Some services use the structured data field to pass authentication tokens (for example, `[<token>@41018]`), which would need to be added to each log message dynamically. However, this requires setting the token as a key rather than as a value.
173
169
174
-
Some services use the structured data field to pass authentication tokens (e.g. `[<token>@41018]`), which would need to be added to each log message dynamically.
175
-
However, this requires setting the token as a key rather than as a value.
176
170
Here's an example of how that might be achieved, using `AUTH_TOKEN` as a [variable](../../administration/configuring-fluent-bit/classic-mode/variables.md):
0 commit comments