Syslog
The Syslog output plugin allows you to deliver messages to Syslog servers. It supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP or TLS.
As of Fluent Bit v1.5.3 the configuration is very strict. You must be aware of the structure of your original record so you can configure the plugin to use specific keys to compose your outgoing Syslog message.
Future versions of Fluent Bit are expanding this plugin feature set to support better handling of keys and message composing.
Configuration Parameters
host
Domain or IP address of the remote Syslog server.
127.0.0.1
port
TCP or UDP port of the remote Syslog server.
514
mode
Desired transport type. Available options are tcp, tls and udp.
udp
syslog_format
The Syslog protocol format to use. Available options are rfc3164 and rfc5424.
rfc5424
syslog_maxsize
The maximum size allowed per message. The value must be an integer representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by syslog_format.
rfc3164 sets max size to 1024 bytes.
rfc5424 sets the size to 2048 bytes.
syslog_severity_key
The key name from the original record that contains the Syslog severity number. This configuration is optional.
syslog_severity_preset
The preset severity number. It will be overwritten if syslog_severity_key is set and a key of a record is matched. This configuration is optional.
6
syslog_facility_key
The key name from the original record that contains the Syslog facility number. This configuration is optional.
syslog_facility_preset
The preset facility number. It will be overwritten if syslog_facility_key is set and a key of a record is matched. This configuration is optional.
1
syslog_hostname_key
The key name from the original record that contains the hostname that generated the message. This configuration is optional.
syslog_hostname_preset
The preset hostname. It will be overwritten if syslog_hostname_key is set and a key of a record is matched. This configuration is optional.
syslog_appname_key
The key name from the original record that contains the application name that generated the message. This configuration is optional.
syslog_appname_preset
The preset application name. It will be overwritten if syslog_appname_key is set and a key of a record is matched. This configuration is optional.
syslog_procid_key
The key name from the original record that contains the Process ID that generated the message. This configuration is optional.
syslog_procid_preset
The preset process ID. It will be overwritten if syslog_procid_key is set and a key of a record is matched. This configuration is optional.
syslog_msgid_key
The key name from the original record that contains the Message ID associated to the message. This configuration is optional.
syslog_msgid_preset
The preset message ID. It will be overwritten if syslog_msgid_key is set and a key of a record is matched. This configuration is optional.
syslog_sd_key
The key name from the original record that contains the Structured Data (SD) content. This configuration is optional.
syslog_message_key
The key name from the original record that contains the message to deliver. Note that this property is mandatory, otherwise the message will be empty.
allow_longer_sd_id
If true, Fluent-bit allows SD-ID that is longer than 32 characters. Such long SD-ID violates RFC 5424.
false
Examples
Configuration File
Get started quickly with this configuration file:
Structured Data
The following is an example of how to configure the syslog_sd_key to send Structured Data to the remote Syslog server.
Example log:
Example configuration file:
Example output:
Last updated
Was this helpful?