Fluent Bit: Official Manual
SlackGitHubCommunity Meetings101 Sandbox
Search…
1.9
Fluent Bit v1.9 Documentation
About
What is Fluent Bit?
A Brief History of Fluent Bit
Fluentd & Fluent Bit
License
Concepts
Key Concepts
Buffering
Data Pipeline
Installation
Getting Started with Fluent Bit
Upgrade Notes
Supported Platforms
Requirements
Sources
Linux Packages
Docker
Containers on AWS
Amazon EC2
Kubernetes
macOS
Windows
Yocto / Embedded Linux
Administration
Configuring Fluent Bit
Security
Buffering & Storage
Backpressure
Scheduling and Retries
Networking
Memory Management
Monitoring
Dump Internals / Signal
HTTP Proxy
Local Testing
Validating your Data and Structure
Running a Logging Pipeline Locally
Data Pipeline
Pipeline Monitoring
Inputs
Parsers
Filters
Outputs
Amazon CloudWatch
Amazon Kinesis Data Firehose
Amazon Kinesis Data Streams
Amazon S3
Azure Blob
Azure Log Analytics
Counter
Datadog
Elasticsearch
File
FlowCounter
Forward
GELF
Google Cloud BigQuery
HTTP
InfluxDB
Kafka
Kafka REST Proxy
LogDNA
Loki
NATS
New Relic
NULL
Observe
OpenSearch
OpenTelemetry
PostgreSQL
Prometheus Exporter
Prometheus Remote Write
SkyWalking
Slack
Splunk
Stackdriver
Standard Output
Syslog
TCP & TLS
Treasure Data
WebSocket
Stream Processing
Introduction to Stream Processing
Overview
Changelog
Getting Started
Fluent Bit for Developers
C Library API
Ingest Records Manually
Golang Output Plugins
Developer guide for beginners on contributing to Fluent Bit
Powered By GitBook
Syslog
The Syslog output plugin allows you to deliver messages to Syslog servers. It supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP or TLS.
As of Fluent Bit v1.5.3 the configuration is very strict. You must be aware of the structure of your original record so you can configure the plugin to use specific keys to compose your outgoing Syslog message.
Future versions of Fluent Bit are expanding this plugin feature set to support better handling of keys and message composing.

Configuration Parameters

Key
Description
Default
host
Domain or IP address of the remote Syslog server.
127.0.0.1
port
TCP or UDP port of the remote Syslog server.
514
mode
Desired transport type. Available options are tcp, tls and udp.
udp
syslog_format
The Syslog protocol format to use. Available options are rfc3164 and rfc5424.
rfc5424
syslog_maxsize
The maximum size allowed per message. The value must be an integer representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by syslog_format. rfc3164 sets max size to 1024 bytes. rfc5424 sets the size to 2048 bytes.
​
syslog_severity_key
The key name from the original record that contains the Syslog severity number. This configuration is optional.
​
syslog_facility_key
The key name from the original record that contains the Syslog facility number. This configuration is optional.
​
syslog_hostname_key
The key name from the original record that contains the hostname that generated the message. This configuration is optional.
​
syslog_appname_key
The key name from the original record that contains the application name that generated the message. This configuration is optional.
​
syslog_procid_key
The key name from the original record that contains the Process ID that generated the message. This configuration is optional.
​
syslog_msgid_key
The key name from the original record that contains the Message ID associated to the message. This configuration is optional.
​
syslog_sd_key
The key name from the original record that contains the Structured Data (SD) content. This configuration is optional.
​
syslog_message_key
The key name from the original record that contains the message to deliver. Note that this property is mandatory, otherwise the message will be empty.
​

Examples

Configuration File

Get started quickly with this configuration file:
[OUTPUT]
name syslog
match *
host syslog.yourserver.com
port 514
mode udp
syslog_format rfc5424
syslog_maxsize 2048
syslog_severity_key severity
syslog_facility_key facility
syslog_hostname_key hostname
syslog_appname_key appname
syslog_procid_key procid
syslog_msgid_key msgid
syslog_sd_key sd
syslog_message_key message

Structured Data

The following is an example of how to configure the syslog_sd_key to send Structured Data to the remote Syslog server.
Example log:
{
"hostname": "myhost",
"appname": "myapp",
"procid": "1234",
"msgid": "ID98",
"[email protected]": {
"logtype": "access",
"clustername": "mycluster",
"namespace": "mynamespace"
},
"log": "Sample app log message."
}
Example configuration file:
[OUTPUT]
name syslog
match *
host syslog.yourserver.com
port 514
mode udp
syslog_format rfc5424
syslog_maxsize 2048
syslog_hostname_key hostname
syslog_appname_key appname
syslog_procid_key procid
syslog_msgid_key msgid
syslog_sd_key [email protected]
syslog_message_key log
Example output:
<14>1 2021-07-12T14:37:35.569848Z myhost myapp 1234 ID98 [[email protected] logtype="access" clustername="mycluster" namespace="mynamespace"] Sample app log message.
Previous
Standard Output
Next
TCP & TLS
Last modified 1mo ago
Export as PDF
Copy link
On this page
Configuration Parameters
Examples
Configuration File
Structured Data