IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« stomp tcp »

› ›

syslog

edit

syslog

edit

Version: 3.0.1
Released on: 2016-07-14
Changelog
Compatible: 5.1.1.1, 5.0.0, 2.4.1, 2.4.0, 2.3.4

This plugin does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-output-syslog.

Send events to a syslog server.

You can send messages compliant with RFC3164 or RFC5424 using either UDP or TCP as the transport protocol.

By default the contents of the message field will be shipped as the free-form message text part of the emitted syslog message. If your messages don’t have a message field or if you for some other reason want to change the emitted message, modify the message configuration option.

Synopsis

edit

This plugin supports the following configuration options:

Required configuration options:

syslog {
    host => ...
    port => ...
}

Available configuration options:

Setting	Input type	Required	Default value
`appname`	string	No	`"LOGSTASH"`
`codec`	codec	No	`"plain"`
`enable_metric`	boolean	No	`true`
`facility`	string	No	`"user-level"`
`host`	string	Yes
`id`	string	No
`message`	string	No	`"%{message}"`
`msgid`	string	No	`"-"`
`port`	number	Yes
`priority`	string	No	`"%{syslog_pri}"`
`procid`	string	No	`"-"`
`protocol`	string, one of `["tcp", "udp", "ssl-tcp"]`	No	`"udp"`
`reconnect_interval`	number	No	`1`
`rfc`	string, one of `["rfc3164", "rfc5424"]`	No	`"rfc3164"`
`severity`	string	No	`"notice"`
`sourcehost`	string	No	`"%{host}"`
`ssl_cacert`	a valid filesystem path	No
`ssl_cert`	a valid filesystem path	No
`ssl_key`	a valid filesystem path	No
`ssl_key_passphrase`	password	No	`nil`
`ssl_verify`	boolean	No	`false`
`use_labels`	boolean	No	`true`
`workers`	<<,>>	No	`1`

Details

edit

`appname`

edit

Value type is string
Default value is "LOGSTASH"

application name for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.

`codec`

edit

Value type is codec
Default value is "plain"

The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output, without needing a separate filter in your Logstash pipeline.

`enable_metric`

edit

Value type is boolean
Default value is true

Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.

`facility`

edit

Value type is string
Default value is "user-level"

facility label for syslog message default fallback to user-level as in rfc3164 The new value can include %{foo} strings to help you build a new value from other parts of the event.

`host`

edit

This is a required setting.
Value type is string
There is no default value for this setting.

syslog server address to connect to

`id`

edit

Value type is string
There is no default value for this setting.

Add a unique ID to the plugin instance, this ID is used for tracking information for a specific configuration of the plugin.

output {
 stdout {
   id => "ABC"
 }
}

If you don’t explicitely set this variable Logstash will generate a unique name.

`message`

edit

Value type is string
Default value is "%{message}"

message text to log. The new value can include %{foo} strings to help you build a new value from other parts of the event.

`msgid`

edit

Value type is string
Default value is "-"

message id for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.

`port`

edit

This is a required setting.
Value type is number
There is no default value for this setting.

syslog server port to connect to

`priority`

edit

Value type is string
Default value is "%{syslog_pri}"

syslog priority The new value can include %{foo} strings to help you build a new value from other parts of the event.

`procid`

edit

Value type is string
Default value is "-"

process id for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.

`protocol`

edit

Value can be any of: tcp, udp, ssl-tcp
Default value is "udp"

syslog server protocol. you can choose between udp, tcp and ssl/tls over tcp

`reconnect_interval`

edit

Value type is number
Default value is 1

when connection fails, retry interval in sec.

`rfc`

edit

Value can be any of: rfc3164, rfc5424
Default value is "rfc3164"

syslog message format: you can choose between rfc3164 or rfc5424

`severity`

edit

Value type is string
Default value is "notice"

severity label for syslog message default fallback to notice as in rfc3164 The new value can include %{foo} strings to help you build a new value from other parts of the event.