Syslog
The Syslog output plugin allows you to deliver messages to Syslog servers, it supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP or TLS.
As of Fluent Bit v1.5.3, the configuration is very strict in terms that you must be aware about the structure of your original record, so you can configure the plugin to use specific keys to compose your outgoing Syslog message.
Future versions of Fluent Bit are expanding this plugin feature set to support better handling of keys and message composing.
Key | Description | Default |
host | Domain or IP address of the remote Syslog server. | 127.0.0.1 |
port | TCP or UDP port of the remote Syslog server. | 514 |
mode | Set the desired transport type, the available options are | udp |
syslog_format | Specify the Syslog protocol format to use, the available options are | rfc5424 |
syslog_maxsize | Set the maximum size allowed per message. The value must be only integers representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by | ​ |
syslog_severity_key | Specify the name of the key from the original record that contains the Syslog severity number. This configuration is optional. | ​ |
syslog_facility_key | Specify the name of the key from the original record that contains the Syslog facility number. This configuration is optional. | ​ |
syslog_hostname_key | Specify the key name from the original record that contains the hostname that generated the message. This configuration is optional. | ​ |
syslog_appname_key | Specify the key name from the original record that contains the application name that generated the message. This configuration is optional. | ​ |
syslog_procid_key | Specify the key name from the original record that contains the Process ID that generated the message. This configuration is optional. | ​ |
syslog_msgid_key | Specify the key name from the original record that contains the Message ID associated to the message. This configuration is optional. | ​ |
syslog_sd_key | Specify the key name from the original record that contains the Structured Data (SD) content. This configuration is optional. | ​ |
syslog_message_key | Specify the key name that contains the message to deliver. Note that if this property is mandatory, otherwise the message will be empty | ​ |
Get started quickly with this configuration file:
[OUTPUT]name syslogmatch *host syslog.yourserver.comport 514mode udpsyslog_format rfc5424syslog_maxsize 2048syslog_severity_key severitysyslog_facility_key facilitysyslog_hostname_key hostnamesyslog_appname_key appnamesyslog_procid_key procidsyslog_msgid_key msgidsyslog_sd_key sdsyslog_message_key message
