syslog
This is a community-maintained plugin! It does not ship with Logstash by default, but it is easy to install by running bin/plugin install logstash-output-syslog.
Send events to a syslog server.
You can send messages compliant with RFC3164 or RFC5424. UDP or TCP syslog transport is supported.
Synopsis
This plugin supports the following configuration options:
Required configuration options:
syslog {
  facility => ...
  host => ...
  port => ...
  severity => ...
}
Available configuration options:
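Setting | Input type | Required | Default value |
---|---|---|---|
codec | codec | No | "plain" |
exclude_tags (DEPRECATED) | array | No | [] |
facility | string, one of the values listed under Details | Yes | |
host | string | Yes | |
port | number | Yes | |
protocol | string, one of tcp, udp | No | "udp" |
rfc | string, one of rfc3164, rfc5424 | No | "rfc3164" |
severity | string, one of the values listed under Details | Yes | |
tags (DEPRECATED) | array | No | [] |
timestamp (DEPRECATED) | string | No | "%{@timestamp}" |
type (DEPRECATED) | string | No | "" |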
Details
codec
- Value type is codec
- Default value is "plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.
exclude_tags (DEPRECATED)
- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is array
- Default value is []
Only handle events without any of these tags. Optional.
facility
- This is a required setting.
- Value can be any of: kernel, user-level, mail, daemon, security/authorization, syslogd, line printer, network news, uucp, clock, security/authorization, ftp, ntp, log audit, log alert, clock, local0, local1, local2, local3, local4, local5, local6, local7
- There is no default value for this setting.
Facility label for the syslog message.
host
- This is a required setting.
- Value type is string
- There is no default value for this setting.
Syslog server address to connect to.
port
- This is a required setting.
- Value type is number
- There is no default value for this setting.
Syslog server port to connect to.
protocol
- Value can be any of: tcp, udp
- Default value is "udp"
Syslog server protocol. You can choose between udp and tcp.
rfc
- Value can be any of: rfc3164, rfc5424
- Default value is "rfc3164"
Syslog message format: you can choose between rfc3164 and rfc5424.
severity
- This is a required setting.
- Value can be any of: emergency, alert, critical, error, warning, notice, informational, debug
- There is no default value for this setting.
Severity label for the syslog message.
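The facility and severity labels above combine into the PRI value that opens every syslog record, and the rfc setting selects the header layout that follows it. The Ruby code below is an added example, not the plugin's own code; it assumes each label's position in the lists above is its numeric code, and host, app and pid are hypothetical parameters that are not settings from this page.

```ruby
require 'time'

# Labels in the order this page lists them. Assumption: list position is the
# numeric code, which matches the RFC 3164 / RFC 5424 code tables.
FACILITY_LABELS = ['kernel', 'user-level', 'mail', 'daemon',
                   'security/authorization', 'syslogd', 'line printer',
                   'network news', 'uucp', 'clock', 'security/authorization',
                   'ftp', 'ntp', 'log audit', 'log alert', 'clock',
                   'local0', 'local1', 'local2', 'local3',
                   'local4', 'local5', 'local6', 'local7'].freeze
SEVERITY_LABELS = %w[emergency alert critical error
                     warning notice informational debug].freeze

# PRI = facility code * 8 + severity code. A lookup by label returns the first
# match, so the repeated labels resolve to codes 4 and 9, never 10 or 15.
def syslog_pri(facility, severity)
  f = FACILITY_LABELS.index(facility) or raise ArgumentError, "unknown facility: #{facility}"
  s = SEVERITY_LABELS.index(severity) or raise ArgumentError, "unknown severity: #{severity}"
  f * 8 + s
end

# Frame one record. host, app and pid are hypothetical parameters for this
# example, not settings documented on this page.
def syslog_frame(rfc, facility, severity, time, host, app, pid, msg)
  pri = syslog_pri(facility, severity)
  msg = msg.gsub(/[\r\n]+/, ' ') # keep one event on one line
  case rfc
  when 'rfc3164' # <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
    "<#{pri}>#{time.strftime('%b %e %H:%M:%S')} #{host} #{app}[#{pid}]: #{msg}"
  when 'rfc5424' # <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG
    "<#{pri}>1 #{time.getutc.iso8601(3)} #{host} #{app} #{pid} - - #{msg}"
  else
    raise ArgumentError, "unknown rfc: #{rfc}"
  end
end

if __FILE__ == $PROGRAM_NAME
  t = Time.utc(2015, 6, 3, 12, 0, 5) # constructed sample timestamp
  %w[rfc3164 rfc5424].each do |rfc|
    puts syslog_frame(rfc, 'local0', 'informational', t, 'web01', 'logstash', 4242, 'login failed')
  end
end
```

When building receiver-side filters or detections, match on the numeric PRI rather than the label, since two labels in the facility list are shared by two codes each.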
tags (DEPRECATED)
- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is array
- Default value is []
Only handle events with all of these tags. Optional.
timestamp (DEPRECATED)
- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is string
- Default value is "%{@timestamp}"
Timestamp for the syslog message.
type (DEPRECATED)
- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is string
- Default value is ""
The type to act on. If a type is given, then this output will only act on messages with the same type. See any input plugin's type attribute for more. Optional.