Syslog
The Syslog output plugin allows you to deliver messages to Syslog servers. It supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP or TLS.
As of Fluent Bit v1.5.3 the configuration is very strict. You must be aware of the structure of your original record so you can configure the plugin to use specific keys to compose your outgoing Syslog message.
Future versions of Fluent Bit are expanding this plugin feature set to support better handling of keys and message composing.
Configuration Parameters
Key
Description
Default
host
Domain or IP address of the remote Syslog server.
127.0.0.1
port
TCP or UDP port of the remote Syslog server.
514
mode
Desired transport type. Available options are
tcp, tls and udp.udp
syslog_format
The Syslog protocol format to use. Available options are
rfc3164 and rfc5424.rfc5424
syslog_maxsize
The maximum size allowed per message. The value must be an integer representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by
syslog_format.
rfc3164 sets max size to 1024 bytes.
rfc5424 sets the size to 2048 bytes.​
syslog_severity_key
The key name from the original record that contains the Syslog severity number. This configuration is optional.
​
syslog_facility_key
The key name from the original record that contains the Syslog facility number. This configuration is optional.
​
syslog_hostname_key
The key name from the original record that contains the hostname that generated the message. This configuration is optional.
​
syslog_appname_key
The key name from the original record that contains the application name that generated the message. This configuration is optional.
​
syslog_procid_key
The key name from the original record that contains the Process ID that generated the message. This configuration is optional.
​
syslog_msgid_key
The key name from the original record that contains the Message ID associated to the message. This configuration is optional.
​
syslog_sd_key
The key name from the original record that contains the Structured Data (SD) content. This configuration is optional.
​
syslog_message_key
The key name from the original record that contains the message to deliver. Note that this property is mandatory, otherwise the message will be empty.
​
Examples
Configuration File
Get started quickly with this configuration file:
1
[OUTPUT]
2
name syslog
3
match *
4
host syslog.yourserver.com
5
port 514
6
mode udp
7
syslog_format rfc5424
8
syslog_maxsize 2048
9
syslog_severity_key severity
10
syslog_facility_key facility
11
syslog_hostname_key hostname
12
syslog_appname_key appname
13
syslog_procid_key procid
14
syslog_msgid_key msgid
15
syslog_sd_key sd
16
syslog_message_key message
Copied!
Structured Data
The following is an example of how to configure the
syslog_sd_key to send Structured Data to the remote Syslog server.Example log:
1
{
2
"hostname": "myhost",
3
"appname": "myapp",
4
"procid": "1234",
5
"msgid": "ID98",
6
"[email protected]": {
7
"logtype": "access",
8
"clustername": "mycluster",
9
"namespace": "mynamespace"
10
},
11
"log": "Sample app log message."
12
}
Copied!
Example configuration file:
1
[OUTPUT]
2
name syslog
3
match *
4
host syslog.yourserver.com
5
port 514
6
mode udp
7
syslog_format rfc5424
8
syslog_maxsize 2048
9
syslog_hostname_key hostname
10
syslog_appname_key appname
11
syslog_procid_key procid
12
syslog_msgid_key msgid
13
syslog_sd_key [email protected]
14
syslog_message_key log
Copied!
Example output:
1
<14>1 2021-07-12T14:37:35.569848Z myhost myapp 1234 ID98 [[email protected] logtype="access" clustername="mycluster" namespace="mynamespace"] Sample app log message.
Copied!
Last modified 4mo ago
Export as PDF
Copy link