syslog
editsyslog
editThis is a community-maintained plugin! It does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-output-syslog.
Send events to a syslog server.
You can send messages compliant with RFC3164 or RFC5424 using either UDP or TCP as the transport protocol.
By default the contents of the message field will be shipped as
the free-form message text part of the emitted syslog message. If
your messages don’t have a message field or if you for some other
reason want to change the emitted message, modify the message
configuration option.
Synopsis
editThis plugin supports the following configuration options:
Required configuration options:
syslog {
facility => ...
host => ...
port => ...
severity => ...
}
Available configuration options:
| Setting | Input type | Required | Default value |
|---|---|---|---|
No |
|
||
No |
|
||
string, one of |
Yes |
||
Yes |
|||
No |
|
||
No |
|
||
Yes |
|||
No |
|
||
string, one of |
No |
|
|
string, one of |
No |
|
|
string, one of |
Yes |
||
No |
|
||
No |
|
Details
edit
codec
edit- Value type is codec
-
Default value is
"plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.
facility
edit- This is a required setting.
-
Value can be any of:
kernel,user-level,mail,daemon,security/authorization,syslogd,line printer,network news,uucp,clock,security/authorization,ftp,ntp,log audit,log alert,clock,local0,local1,local2,local3,local4,local5,local6,local7 - There is no default value for this setting.
facility label for syslog message
host
edit- This is a required setting.
- Value type is string
- There is no default value for this setting.
syslog server address to connect to
port
edit- This is a required setting.
- Value type is number
- There is no default value for this setting.
syslog server port to connect to
protocol
edit-
Value can be any of:
tcp,udp -
Default value is
"udp"
syslog server protocol. you can choose between udp and tcp
rfc
edit-
Value can be any of:
rfc3164,rfc5424 -
Default value is
"rfc3164"
syslog message format: you can choose between rfc3164 or rfc5424
severity
edit- This is a required setting.
-
Value can be any of:
emergency,alert,critical,error,warning,notice,informational,debug - There is no default value for this setting.
severity label for syslog message