Syslog

The Syslog output plugin allows you to deliver messages to Syslog servers, it supports RFC3164 and RFC5424 formats through different transports such as UDP, TCP or TLS.

As of Fluent Bit v1.5.3, the configuration is very strict in terms that you must be aware about the structure of your original record, so you can configure the plugin to use specific keys to compose your outgoing Syslog message.

Future versions of Fluent Bit are expanding this plugin feature set to support better handling of keys and message composing.

Configuration Parameters

Key Description Default
host Domain or IP address of the remote Syslog server. 127.0.0.1
port TCP or UDP port of the remote Syslog server. 514
mode Set the desired transport type, the available options are tcp, tls and udp. udp
syslog_format Specify the Syslog protocol format to use, the available options are rfc3164 and rfc5424. rfc5424
syslog_maxsize Set the maximum size allowed per message. The value must be only integers representing the number of bytes allowed. If no value is provided, the default size is set depending of the protocol version specified by syslog_format , rfc3164 sets max size to 1024 bytes, while rfc5424 sets the size to 2048 bytes.
syslog_severity_key Specify the name of the key from the original record that contains the Syslog severity number. This configuration is optional.
syslog_facility_key Specify the name of the key from the original record that contains the Syslog facility number. This configuration is optional.
syslog_hostname_key Specify the key name from the original record that contains the hostname that generated the message. This configuration is optional.
syslog_appname_key Specify the key name from the original record that contains the application name that generated the message. This configuration is optional.
syslog_procid_key Specify the key name from the original record that contains the Process ID that generated the message. This configuration is optional.
syslog_msgid_key Specify the key name from the original record that contains the Message ID associated to the message. This configuration is optional.
syslog_sd_key Specify the key name from the original record that contains the Structured Data (SD) content. This configuration is optional.
syslog_message_key Specify the key name that contains the message to deliver. Note that if this property is mandatory, otherwise the message will be empty

Configuration File

Get started quickly with this configuration file:

  1. [OUTPUT]
  2.     name                 syslog
  3.     match                *
  4.     host                 syslog.yourserver.com
  5.     port                 514
  6.     mode                 udp
  7.     syslog_format        rfc5424
  8.     syslog_maxsize       2048
  9.     syslog_severity_key  severity
  10.     syslog_facility_key  facility
  11.     syslog_hostname_key  hostname
  12.     syslog_appname_key   appname
  13.     syslog_procid_key    procid
  14.     syslog_msgid_key     msgid
  15.     syslog_sd_key        sd
  16.     syslog_message_key   message