Syslog output plugin
- Plugin version: v3.0.5
- Released on: 2018-04-06
- Changelog
For other versions, see theVersioned plugin docs.
For plugins not bundled by default, it is easy to install by runningbin/logstash-plugin install logstash-output-syslog. SeeWorking with plugins for more details.
For questions about the plugin, open a topic in theDiscuss forums. For bugs or feature requests, open an issue inGithub. For the list of Elastic supported plugins, please consult theElastic Support Matrix.
Send events to a syslog server.
You can send messages compliant with RFC3164 or RFC5424 using either UDP or TCP as the transport protocol.
By default the contents of themessage field will be shipped as the free-form message text part of the emitted syslog message. If your messages don’t have amessage field or if you for some other reason want to change the emitted message, modify themessage configuration option.
This plugin supports the following configuration options plus theCommon options described later.
| Setting | Input type | Required |
|---|---|---|
appname | string | No |
facility | string | No |
host | string | Yes |
message | string | No |
msgid | string | No |
port | number | Yes |
priority | string | No |
procid | string | No |
protocol | string, one of["tcp", "udp", "ssl-tcp"] | No |
reconnect_interval | number | No |
rfc | string, one of["rfc3164", "rfc5424"] | No |
severity | string | No |
sourcehost | string | No |
ssl_cacert | a valid filesystem path | No |
ssl_cert | a valid filesystem path | No |
ssl_key | a valid filesystem path | No |
ssl_key_passphrase | password | No |
ssl_verify | boolean | No |
use_labels | boolean | No |
Also seeCommon options for a list of options supported by all output plugins.
- Value type isstring
- Default value is
"LOGSTASH"
application name for syslog message. The new value can include%{{foo}} strings to help you build a new value from other parts of the event.
- Value type isstring
- Default value is
"user-level"
facility label for syslog message default fallback to user-level as in rfc3164 The new value can include%{{foo}} strings to help you build a new value from other parts of the event.
- This is a required setting.
- Value type isstring
- There is no default value for this setting.
syslog server address to connect to
- Value type isstring
- Default value is
"%{{message}}"
message text to log. The new value can include%{{foo}} strings to help you build a new value from other parts of the event.
- Value type isstring
- Default value is
"-"
message id for syslog message. The new value can include%{{foo}} strings to help you build a new value from other parts of the event.
- This is a required setting.
- Value type isnumber
- There is no default value for this setting.
syslog server port to connect to
- Value type isstring
- Default value is
"%{{syslog_pri}}"
syslog priority The new value can include%{{foo}} strings to help you build a new value from other parts of the event.
- Value type isstring
- Default value is
"-"
process id for syslog message. The new value can include%{{foo}} strings to help you build a new value from other parts of the event.
- Value can be any of:
tcp,udp,ssl-tcp - Default value is
"udp"
syslog server protocol. you can choose between udp, tcp and ssl/tls over tcp
- Value type isnumber
- Default value is
1
when connection fails, retry interval in sec.
- Value can be any of:
rfc3164,rfc5424 - Default value is
"rfc3164"
syslog message format: you can choose between rfc3164 or rfc5424
- Value type isstring
- Default value is
"notice"
severity label for syslog message default fallback to notice as in rfc3164 The new value can include%{{foo}} strings to help you build a new value from other parts of the event.
- Value type isstring
- Default value is
"%{{host}}"
source host for syslog message. The new value can include%{{foo}} strings to help you build a new value from other parts of the event.
- Value type ispath
- There is no default value for this setting.
The SSL CA certificate, chainfile or CA path. The system CA path is automatically included.
- Value type ispath
- There is no default value for this setting.
SSL certificate path
- Value type ispath
- There is no default value for this setting.
SSL key path
- Value type ispassword
- Default value is
nil
SSL key passphrase
- Value type isboolean
- Default value is
false
Verify the identity of the other end of the SSL connection against the CA.
- Value type isboolean
- Default value is
true
use label parsing for severity and facility levels use priority field if set to false
These configuration options are supported by all output plugins:
- Value type iscodec
- Default value is
"plain"
The codec used for output data. Output codecs are a convenient method for encoding your data before it leaves the output without needing a separate filter in your Logstash pipeline.
- Value type isboolean
- Default value is
true
Disable or enable metric logging for this specific plugin instance. By default we record all the metrics we can, but you can disable metrics collection for a specific plugin.
- Value type isstring
- There is no default value for this setting.
Add a uniqueID to the plugin configuration. If no ID is specified, Logstash will generate one. It is strongly recommended to set this ID in your configuration. This is particularly useful when you have two or more plugins of the same type. For example, if you have 2 syslog outputs. Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.
output { syslog { id => "my_plugin_id" }}Variable substitution in theid field only supports environment variables and does not support the use of values from the secret store.