Syslog
The Syslog output plugin lets you deliver messages to Syslog servers. It supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP, or TLS.
Configuration parameters
host
Domain or IP address of the remote Syslog server.
127.0.0.1
port
TCP or UDP port of the remote Syslog server.
514
mode
Desired transport type. Available options are tcp and udp.
udp
syslog_format
The Syslog protocol format to use. Available options are rfc3164 and rfc5424.
rfc5424
syslog_maxsize
The maximum size allowed per message. The value must be an integer representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by syslog_format. The value rfc3164 sets max size to 1024 bytes, and rfc5424 sets the size to 2048 bytes.
none
syslog_severity_key
Optional. The key name from the original record that contains the Syslog severity number.
none
syslog_severity_preset
Optional. The preset severity number. It will be overwritten if syslog_severity_key is set and a key of a record is matched.
6
syslog_facility_key
Optional. The key name from the original record that contains the Syslog facility number.
none
syslog_facility_preset
Optional. The preset facility number. It will be overwritten if syslog_facility_key is set and a key of a record is matched.
1
syslog_hostname_key
Optional. The key name from the original record that contains the hostname that generated the message.
none
syslog_hostname_preset
Optional. The preset hostname. It will be overwritten if syslog_hostname_key is set and a key of a record is matched.
none
syslog_appname_key
Optional. The key name from the original record that contains the application name that generated the message.
none
syslog_appname_preset
Optional. The preset application name. It will be overwritten if syslog_appname_key is set and a key of a record is matched.
none
syslog_procid_key
Optional. The key name from the original record that contains the Process ID that generated the message.
none
syslog_procid_preset
Optional. The preset process ID. It will be overwritten if syslog_procid_key is set and a key of a record is matched.
none
syslog_msgid_key
Optional. The key name from the original record that contains the Message ID associated to the message.
none
syslog_msgid_preset
Optional. The preset message ID. It will be overwritten if syslog_msgid_key is set and a key of a record is matched.
none
syslog_sd_key
Optional. The key name from the original record that contains a map of key/value pairs to use as Structured Data (SD) content. The key name is included in the resulting SD field as shown in the examples in this doc.
none
syslog_message_key
Required. The key name from the original record that contains the message to deliver.
none
allow_longer_sd_id
If true, Fluent Bit allows SD-ID values longer than 32 characters. SD-ID values that exceed 32 characters violate RFC5424 standards.
false
TLS / SSL
The Syslog output plugin supports TLS/SSL. For more details about the properties available and general configuration, see TLS/SSL.
Examples
Configuration file
Get started quickly with this configuration file:
Structured data
The following is an example of how to configure the syslog_sd_key to send Structured Data to the remote Syslog server.
Example log:
Example configuration file:
Example output:
Add structured data authentication token
Some services use the structured data field to pass authentication tokens (for example, [<token>@41018]), which would need to be added to each log message dynamically. However, this requires setting the token as a key rather than as a value.
Here's an example of how that might be achieved, using AUTH_TOKEN as a variable:
Last updated
Was this helpful?