The Syslog output plugin allows you to deliver messages to Syslog servers. It supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP or TLS.
As of Fluent Bit v1.5.3 the configuration is very strict. You must be aware of the structure of your original record so you can configure the plugin to use specific keys to compose your outgoing Syslog message.
Future versions of Fluent Bit are expanding this plugin feature set to support better handling of keys and message composing.
Key | Description | Default |
---|---|---|
The Syslog output plugin supports TLS/SSL. For more details about the properties available and general configuration, please refer to the TLS/SSL section.
Get started quickly with this configuration file:
The following is an example of how to configure the syslog_sd_key
to send Structured Data to the remote Syslog server.
Example log:
Example configuration file:
Example output:
Some services use the structured data field to pass authentication tokens (e.g. [<token>@41018]
), which would need to be added to each log message dynamically. However, this requires setting the token as a key rather than as a value. Here's an example of how that might be achieved, using AUTH_TOKEN
as a variable:
host
Domain or IP address of the remote Syslog server.
127.0.0.1
port
TCP or UDP port of the remote Syslog server.
514
mode
Desired transport type. Available options are tcp
and udp
.
udp
syslog_format
The Syslog protocol format to use. Available options are rfc3164
and rfc5424
.
rfc5424
syslog_maxsize
The maximum size allowed per message. The value must be an integer representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by syslog_format
.
rfc3164
sets max size to 1024 bytes.
rfc5424
sets the size to 2048 bytes.
syslog_severity_key
The key name from the original record that contains the Syslog severity number. This configuration is optional.
syslog_severity_preset
The preset severity number. It will be overwritten if syslog_severity_key
is set and a key of a record is matched. This configuration is optional.
6
syslog_facility_key
The key name from the original record that contains the Syslog facility number. This configuration is optional.
syslog_facility_preset
The preset facility number. It will be overwritten if syslog_facility_key
is set and a key of a record is matched. This configuration is optional.
1
syslog_hostname_key
The key name from the original record that contains the hostname that generated the message. This configuration is optional.
syslog_hostname_preset
The preset hostname. It will be overwritten if syslog_hostname_key
is set and a key of a record is matched. This configuration is optional.
syslog_appname_key
The key name from the original record that contains the application name that generated the message. This configuration is optional.
syslog_appname_preset
The preset application name. It will be overwritten if syslog_appname_key
is set and a key of a record is matched. This configuration is optional.
syslog_procid_key
The key name from the original record that contains the Process ID that generated the message. This configuration is optional.
syslog_procid_preset
The preset process ID. It will be overwritten if syslog_procid_key
is set and a key of a record is matched. This configuration is optional.
syslog_msgid_key
The key name from the original record that contains the Message ID associated to the message. This configuration is optional.
syslog_msgid_preset
The preset message ID. It will be overwritten if syslog_msgid_key
is set and a key of a record is matched. This configuration is optional.
syslog_sd_key
The key name from the original record that contains a map of key/value pairs to use as Structured Data (SD) content. The key name is included in the resulting SD field as shown in examples below. This configuration is optional.
syslog_message_key
The key name from the original record that contains the message to deliver. Note that this property is mandatory, otherwise the message will be empty.
allow_longer_sd_id
If true, Fluent-bit allows SD-ID that is longer than 32 characters. Such long SD-ID violates RFC 5424.
false
workers
The number of workers to perform flush operations for this output.
0