syslog
- Version: 3.0.1
- Released on: 2016-07-14
- Changelog
- Compatible: 5.1.1.1, 5.0.0, 2.4.1, 2.4.0, 2.3.4
This plugin does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-output-syslog.
Send events to a syslog server.
You can send messages compliant with RFC3164 or RFC5424 using either UDP or TCP as the transport protocol.
By default the contents of the message field will be shipped as the free-form message text part of the emitted syslog message. If your messages don’t have a message field or if you for some other reason want to change the emitted message, modify the message configuration option.
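RFC3164 and RFC5424 messages differ in their header layout, which a receiver can use to confirm what actually arrives. The following is an added example, not part of the plugin or its documentation: it classifies a received line as either format and decodes the priority value into facility and severity. The field layouts follow RFC 3164 and RFC 5424; the function name, the label spellings other than "user-level" and "notice", and the sample lines are assumptions constructed for illustration.

```python
import re

# Names by numeric code, following the RFC 3164 / RFC 5424 numbering.
# Label spellings are assumed; the page itself shows only "user-level"
# and "notice".
FACILITIES = ["kernel", "user-level", "mail", "daemon",
              "security/authorization", "syslogd", "line printer",
              "network news", "uucp", "clock", "security/authorization",
              "ftp", "ntp", "log audit", "log alert", "clock",
              ] + ["local%d" % i for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning",
              "notice", "informational", "debug"]

# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>1 (?P<timestamp>\S+) (?P<sourcehost>\S+) "
    r"(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+) ?(?P<message>.*)", re.S)
# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<sourcehost>\S+) (?P<appname>[^\s\[:]+)"
    r"(?:\[(?P<procid>[^\]]*)\])?: ?(?P<message>.*)", re.S)


def parse_syslog(line):
    """Classify a received line as rfc5424 or rfc3164 and decode PRI."""
    for rfc, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        match = pattern.fullmatch(line)
        if match is None:
            continue
        pri = int(match.group("pri"))
        if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
            raise ValueError("PRI out of range: %d" % pri)
        fields = match.groupdict()
        fields.update(rfc=rfc, facility=FACILITIES[pri // 8],
                      severity=SEVERITIES[pri % 8])
        return fields
    raise ValueError("not an RFC3164 or RFC5424 message")


# Constructed sample messages, not captured from a real system.
SAMPLE_3164 = "<13>Jul 14 10:15:00 web01 LOGSTASH[-]: user login failed"
SAMPLE_5424 = ("<13>1 2016-07-14T10:15:00.000+00:00 web01 LOGSTASH - - - "
               "user login failed")

if __name__ == "__main__":
    for sample in (SAMPLE_3164, SAMPLE_5424):
        print(parse_syslog(sample))
```

Both samples carry priority 13, which is facility 1 (user-level) times 8 plus severity 5 (notice).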
Synopsis
This plugin supports the following configuration options:
Required configuration options:
syslog { host => ... port => ... }
Available configuration options:
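Setting | Input type | Required | Default value |
---|---|---|---|
appname | string | No | "LOGSTASH" |
codec | codec | No | "plain" |
enable_metric | boolean | No | true |
facility | string | No | "user-level" |
host | string | Yes | |
id | string | No | |
message | string | No | "%{message}" |
msgid | string | No | "-" |
port | number | Yes | |
priority | string | No | "%{syslog_pri}" |
procid | string | No | "-" |
protocol | string, one of tcp, udp, ssl-tcp | No | "udp" |
reconnect_interval | number | No | 1 |
rfc | string, one of rfc3164, rfc5424 | No | "rfc3164" |
severity | string | No | "notice" |
sourcehost | string | No | "%{host}" |
ssl_cacert | a valid filesystem path | No | |
 | a valid filesystem path | No | |
 | a valid filesystem path | No | |
 | | No | |
ssl_verify | boolean | No | false |
 | | No | |
 | <<,>> | No | |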
Details
appname
- Value type is string
- Default value is "LOGSTASH"
Application name for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.
codec
- Value type is codec
- Default value is "plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.
enable_metric
- Value type is boolean
- Default value is true
Disable or enable metric logging for this specific plugin instance. By default we record all the metrics we can, but you can disable metrics collection for a specific plugin.
facility
- Value type is string
- Default value is "user-level"
Facility label for syslog message. The default falls back to user-level, as in RFC3164. The new value can include %{foo} strings to help you build a new value from other parts of the event.
host
- This is a required setting.
- Value type is string
- There is no default value for this setting.
Syslog server address to connect to.
id
- Value type is string
- There is no default value for this setting.
Add a unique ID to the plugin instance. This ID is used for tracking information for a specific configuration of the plugin.
output { stdout { id => "ABC" } }
If you don’t explicitly set this variable Logstash will generate a unique name.
message
- Value type is string
- Default value is "%{message}"
Message text to log. The new value can include %{foo} strings to help you build a new value from other parts of the event.
msgid
- Value type is string
- Default value is "-"
Message id for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.
port
- This is a required setting.
- Value type is number
- There is no default value for this setting.
Syslog server port to connect to.
priority
- Value type is string
- Default value is "%{syslog_pri}"
Syslog priority. The new value can include %{foo} strings to help you build a new value from other parts of the event.
procid
- Value type is string
- Default value is "-"
Process id for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.
protocol
- Value can be any of: tcp, udp, ssl-tcp
- Default value is "udp"
Syslog server protocol. You can choose between udp, tcp and ssl/tls over tcp.
reconnect_interval
- Value type is number
- Default value is 1
Retry interval, in seconds, when the connection fails.
rfc
- Value can be any of: rfc3164, rfc5424
- Default value is "rfc3164"
Syslog message format: you can choose between rfc3164 or rfc5424.
severity
- Value type is string
- Default value is "notice"
Severity label for syslog message. The default falls back to notice, as in RFC3164. The new value can include %{foo} strings to help you build a new value from other parts of the event.
sourcehost
- Value type is string
- Default value is "%{host}"
Source host for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.
ssl_cacert
- Value type is path
- There is no default value for this setting.
The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
ssl_verify
- Value type is boolean
- Default value is false
Verify the identity of the other end of the SSL connection against the CA. With the default value of false, the identity of the other end is not verified.