1 of 1

Syslog

Syslog input plugins allows to collect Syslog messages through a Unix socket server (UDP or TCP) or over the network using TCP or UDP.

Configuration Parameters

The plugin supports the following configuration parameters:

Key

Description

Default

Considerations

When using Syslog input plugin, Fluent Bit requires access to the parsers.conf file, the path to this file can be specified with the option -R or through the Parsers_File key on the [SERVICE] section (more details below).
When udp or unix_udp is used, the buffer size to receive messages is configurable only through the Buffer_Chunk_Size option which defaults to 32kb.

Getting Started

In order to receive Syslog messages, you can run the plugin from the command line or through the configuration file:

Command Line

From the command line you can let Fluent Bit listen for Forward messages with the following options:

By default the service will create and listen for Syslog messages on the unix socket /tmp/in_syslog

Configuration File

In your main configuration file append the following Input & Output sections:

Testing

Once Fluent Bit is running, you can send some messages using the logger tool:

In we should see the following output:

Recipes

The following content aims to provide configuration examples for different use cases to integrate Fluent Bit and make it listen for Syslog messages from your systems.

Rsyslog to Fluent Bit: Network mode over TCP

Fluent Bit Configuration

Put the following content in your configuration file:

then start Fluent Bit.

RSyslog Configuration

Add a new file to your rsyslog config rules called 60-fluent-bit.conf inside the directory /etc/rsyslog.d/ and add the following content:

then make sure to restart your rsyslog daemon:

Rsyslog to Fluent Bit: Unix socket mode over UDP

Fluent Bit Configuration

Put the following content in your fluent-bit.conf file:

then start Fluent Bit.

RSyslog Configuration

Add a new file to your rsyslog config rules called 60-fluent-bit.conf inside the directory /etc/rsyslog.d/ and place the following content:

Make sure that the socket file is readable by rsyslog (tweak the Unix_Perm option shown above).

Syslog

Syslog input plugins allows to collect Syslog messages through a Unix socket server (UDP or TCP) or over the network using TCP or UDP.

Configuration Parameters

The plugin supports the following configuration parameters:

Key

Description

Default

Considerations

When using Syslog input plugin, Fluent Bit requires access to the parsers.conf file, the path to this file can be specified with the option -R or through the Parsers_File key on the [SERVICE] section (more details below).
When udp or unix_udp is used, the buffer size to receive messages is configurable only through the Buffer_Chunk_Size option which defaults to 32kb.

Getting Started

In order to receive Syslog messages, you can run the plugin from the command line or through the configuration file:

Command Line

From the command line you can let Fluent Bit listen for Forward messages with the following options:

By default the service will create and listen for Syslog messages on the unix socket /tmp/in_syslog

Configuration File

In your main configuration file append the following Input & Output sections:

Testing

Once Fluent Bit is running, you can send some messages using the logger tool:

In we should see the following output:

Recipes

The following content aims to provide configuration examples for different use cases to integrate Fluent Bit and make it listen for Syslog messages from your systems.

Rsyslog to Fluent Bit: Network mode over TCP

Fluent Bit Configuration

Put the following content in your configuration file:

then start Fluent Bit.

RSyslog Configuration

Add a new file to your rsyslog config rules called 60-fluent-bit.conf inside the directory /etc/rsyslog.d/ and add the following content:

then make sure to restart your rsyslog daemon:

Rsyslog to Fluent Bit: Unix socket mode over UDP

Fluent Bit Configuration

Put the following content in your fluent-bit.conf file:

then start Fluent Bit.

RSyslog Configuration

Add a new file to your rsyslog config rules called 60-fluent-bit.conf inside the directory /etc/rsyslog.d/ and place the following content:

Make sure that the socket file is readable by rsyslog (tweak the Unix_Perm option shown above).

Syslog

hashtagConfiguration Parameters

hashtagConsiderations

hashtagGetting Started

hashtagCommand Line

hashtagConfiguration File

hashtagTesting

hashtagRecipes

hashtagRsyslog to Fluent Bit: Network mode over TCP

hashtagFluent Bit Configuration

hashtagRSyslog Configuration

hashtagRsyslog to Fluent Bit: Unix socket mode over UDP

hashtagFluent Bit Configuration

hashtagRSyslog Configuration

Syslog

hashtagConfiguration Parameters

hashtagConsiderations

hashtagGetting Started

hashtagCommand Line

hashtagConfiguration File

hashtagTesting

hashtagRecipes

hashtagRsyslog to Fluent Bit: Network mode over TCP

hashtagFluent Bit Configuration

hashtagRSyslog Configuration

hashtagRsyslog to Fluent Bit: Unix socket mode over UDP

hashtagFluent Bit Configuration

hashtagRSyslog Configuration

Configuration Parameters

Considerations

Getting Started

Command Line

Configuration File

Testing

Recipes

Rsyslog to Fluent Bit: Network mode over TCP

Fluent Bit Configuration

RSyslog Configuration

Rsyslog to Fluent Bit: Unix socket mode over UDP

Fluent Bit Configuration

RSyslog Configuration

Configuration Parameters

Considerations

Getting Started

Command Line

Configuration File

Testing

Recipes

Rsyslog to Fluent Bit: Network mode over TCP

Fluent Bit Configuration

RSyslog Configuration

Rsyslog to Fluent Bit: Unix socket mode over UDP

Fluent Bit Configuration

RSyslog Configuration