syslog
editsyslog
editThis is a community-maintained plugin! It does not ship with Logstash by default, but it is easy to install by running bin/plugin install logstash-output-syslog.
Send events to a syslog server.
You can send messages compliant with RFC3164 or RFC5424 UDP or TCP syslog transport is supported
Synopsis
editThis plugin supports the following configuration options:
Required configuration options:
syslog {
facility => ...
host => ...
port => ...
severity => ...
}
Available configuration options:
| Setting | Input type | Required | Default value |
|---|---|---|---|
No |
|
||
No |
|
||
string, one of |
Yes |
||
Yes |
|||
No |
|
||
Yes |
|||
No |
|
||
string, one of |
No |
|
|
string, one of |
No |
|
|
string, one of |
Yes |
||
No |
|
||
No |
|
Details
edit
codec
edit- Value type is codec
-
Default value is
"plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.
exclude_tags (DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is array
-
Default value is
[]
Only handle events without any of these tags. Optional.
facility
edit- This is a required setting.
-
Value can be any of:
kernel,user-level,mail,daemon,security/authorization,syslogd,line printer,network news,uucp,clock,security/authorization,ftp,ntp,log audit,log alert,clock,local0,local1,local2,local3,local4,local5,local6,local7 - There is no default value for this setting.
facility label for syslog message
host
edit- This is a required setting.
- Value type is string
- There is no default value for this setting.
syslog server address to connect to
port
edit- This is a required setting.
- Value type is number
- There is no default value for this setting.
syslog server port to connect to
protocol
edit-
Value can be any of:
tcp,udp -
Default value is
"udp"
syslog server protocol. you can choose between udp and tcp
rfc
edit-
Value can be any of:
rfc3164,rfc5424 -
Default value is
"rfc3164"
syslog message format: you can choose between rfc3164 or rfc5424
severity
edit- This is a required setting.
-
Value can be any of:
emergency,alert,critical,error,warning,notice,informational,debug - There is no default value for this setting.
severity label for syslog message
tags (DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is array
-
Default value is
[]
Only handle events with all of these tags. Optional.
timestamp (DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is string
-
Default value is
"%{@timestamp}"
timestamp for syslog message
type (DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is string
-
Default value is
""
The type to act on. If a type is given, then this output will only
act on messages with the same type. See any input plugin’s type
attribute for more.
Optional.