Syslog output plugin

  • Plugin version: v3.0.5
  • Released on: 2018-04-06
  • Changelog

For other versions, see the Versioned plugin docs.

Installation

For plugins not bundled by default, it is easy to install by running bin/logstash-plugin install logstash-output-syslog. See Working with plugins for more details.

Getting Help

For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in GitHub. For the list of Elastic supported plugins, please consult the Elastic Support Matrix.

Description

Send events to a syslog server.

You can send messages compliant with RFC3164 or RFC5424 using either UDP or TCP as the transport protocol.

By default the contents of the message field will be shipped as the free-form message text part of the emitted syslog message. If your messages don't have a message field or if you for some other reason want to change the emitted message, modify the message configuration option.

Syslog Output Configuration Options

This plugin supports the following configuration options plus the Common Options described later.

Setting              Input type                                  Required
-------------------  ------------------------------------------  --------
appname              string                                      No
facility             string                                      No
host                 string                                      Yes
message              string                                      No
msgid                string                                      No
port                 number                                      Yes
priority             string                                      No
procid               string                                      No
protocol             string, one of ["tcp", "udp", "ssl-tcp"]    No
reconnect_interval   number                                      No
rfc                  string, one of ["rfc3164", "rfc5424"]       No
severity             string                                      No
sourcehost           string                                      No
ssl_cacert           a valid filesystem path                     No
ssl_cert             a valid filesystem path                     No
ssl_key              a valid filesystem path                     No
ssl_key_passphrase   password                                    No
ssl_verify           boolean                                     No
use_labels           boolean                                     No

Also see Common Options for a list of options supported by all output plugins.

appname

  • Value type is string
  • Default value is "LOGSTASH"

Application name for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.

facility

  • Value type is string
  • Default value is "user-level"

Facility label for the syslog message. By default it falls back to user-level, as in RFC3164. The new value can include %{foo} strings to help you build a new value from other parts of the event.

host

  • This is a required setting.
  • Value type is string
  • There is no default value for this setting.

Syslog server address to connect to.

message

  • Value type is string
  • Default value is "%{message}"

Message text to log. The new value can include %{foo} strings to help you build a new value from other parts of the event.

msgid

  • Value type is string
  • Default value is "-"

Message id for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.

port

  • This is a required setting.
  • Value type is number
  • There is no default value for this setting.

Syslog server port to connect to.

priority

  • Value type is string
  • Default value is "%{syslog_pri}"

Syslog priority. The new value can include %{foo} strings to help you build a new value from other parts of the event.

procid

  • Value type is string
  • Default value is "-"

Process id for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.

protocol

  • Value can be any of: tcp, udp, ssl-tcp
  • Default value is "udp"

Syslog server protocol. You can choose between udp, tcp, and ssl/tls over tcp.

reconnect_interval

  • Value type is number
  • Default value is 1

Retry interval, in seconds, when the connection fails.

rfc

  • Value can be any of: rfc3164, rfc5424
  • Default value is "rfc3164"

Syslog message format: you can choose between rfc3164 and rfc5424.

severity

  • Value type is string
  • Default value is "notice"

Severity label for the syslog message. By default it falls back to notice, as in RFC3164. The new value can include %{foo} strings to help you build a new value from other parts of the event.

sourcehost

  • Value type is string
  • Default value is "%{host}"

Source host for syslog message. The new value can include %{foo} strings to help you build a new value from other parts of the event.

ssl_cacert

  • Value type is path
  • There is no default value for this setting.

The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.

ssl_cert

  • Value type is path
  • There is no default value for this setting.

SSL certificate path.

ssl_key

  • Value type is path
  • There is no default value for this setting.

SSL key path.

ssl_key_passphrase

  • Value type is password
  • Default value is nil

SSL key passphrase.

ssl_verify

  • Value type is boolean
  • Default value is false

Verify the identity of the other end of the SSL connection against the CA.

use_labels

  • Value type is boolean
  • Default value is true

Use label parsing for the severity and facility levels. If set to false, the priority field is used instead.
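
The transport and SSL options above combine as shown in the following configuration, which is an added example and not part of the plugin's own documentation. The host name, ports, file paths and the SYSLOG_KEY_PASSPHRASE environment variable are placeholders; the first block relies only on the documented defaults, the second switches to ssl-tcp with ssl_verify enabled.

```logstash
# Added example. Host, ports, paths and the environment variable are placeholders.
# The two output blocks are alternatives and are not meant to be loaded together.

# (1) Required settings only. With the defaults documented above this means
#     protocol => "udp", rfc => "rfc3164" and ssl_verify => false:
#     events cross the network in cleartext and nothing identifies the receiver.
output {
  syslog {
    host => "syslog.example.internal"
    port => 514
  }
}

# (2) TLS over TCP, with the other end checked against a CA.
output {
  syslog {
    host               => "syslog.example.internal"
    port               => 6514
    protocol           => "ssl-tcp"
    rfc                => "rfc5424"

    # CA file (or chainfile / CA path) used to verify the syslog server
    ssl_cacert         => "/etc/logstash/certs/syslog-ca.pem"
    # Certificate and key that Logstash presents on the connection
    ssl_cert           => "/etc/logstash/certs/logstash-client.pem"
    ssl_key            => "/etc/logstash/certs/logstash-client.key"
    # Resolved from the environment so the passphrase is not stored in the file
    ssl_key_passphrase => "${SYSLOG_KEY_PASSPHRASE}"
    # Default is false; must be set explicitly to verify the peer
    ssl_verify         => true

    reconnect_interval => 5
    appname            => "LOGSTASH"
    sourcehost         => "%{host}"
    message            => "%{message}"
  }
}
```

Selecting ssl-tcp alone does not turn on verification: ssl_verify stays false unless it is set, so the other end's identity is not checked against the CA.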

Common Options

The following configuration options are supported by all output plugins:

Setting          Input type   Required
---------------  -----------  --------
codec            codec        No
enable_metric    boolean      No
id               string       No

codec

  • Value type is codec
  • Default value is "plain"

The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output without needing a separate filter in your Logstash pipeline.

enable_metric

  • Value type is boolean
  • Default value is true

Disable or enable metric logging for this specific plugin instance. By default we record all the metrics we can, but you can disable metrics collection for a specific plugin.

id

  • Value type is string
  • There is no default value for this setting.

Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one. It is strongly recommended to set this ID in your configuration. This is particularly useful when you have two or more plugins of the same type. For example, if you have 2 syslog outputs. Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.

    output {
      syslog {
        id => "my_plugin_id"
      }
    }