Fluentd
0.12
syslog

Last updated 5 years ago

The in_syslog Input plugin enables Fluentd to retrieve records via the syslog protocol on UDP or TCP.

Example Configuration

in_syslog is included in Fluentd's core. No additional installation process is required.

<source>
  @type syslog
  port 5140
  bind 0.0.0.0
  tag system
</source>

Please see the Config File article for the basic structure and syntax of the configuration file.

Example Usage

The retrieved data is organized as follows. Fluentd's tag is generated by the tag parameter (tag prefix), facility level, and priority. The record is parsed by the regexp here.

tag = "#{@tag}.#{facility}.#{priority}"

record = {
  "pri": "0",
  "time": 1353436518,
  "host": "host",
  "ident": "ident",
  "pid": "12345",
  "message": "text"
}

Parameters

type (required)

The value must be syslog.

tag (required)

The prefix of the tag. The tag itself is generated by the tag prefix, facility level, and priority.

port

The port to listen on. The default is 5140.

bind

The bind address to listen on. The default is 0.0.0.0 (all addresses). To accept messages on one interface only, bind to that interface's address instead.

protocol_type

The transport protocol used to receive logs. "udp" and "tcp" are supported. The default is "udp".

message_length_limit

The maximum size of a syslog message in bytes. The default is 2048. If you send larger messages, change this parameter.

message_format

This parameter is available since v0.12.33.

Specifies the protocol format. Supported values are rfc3164, rfc5424 and auto. The default is rfc3164. If your syslog uses rfc5424, use rfc5424 instead. Here is an example of each message format:

# rfc3164
<6>Feb 28 12:00:00 192.168.0.1 fluentd[11111]: [error] Hello!
# rfc5424
<16>1 2017-02-28T12:00:00.009Z 192.168.0.1 fluentd - - - Hello!

auto is useful when a single in_syslog source receives both rfc3164 and rfc5424 messages. in_syslog detects the message format from the message prefix and parses the message accordingly.

format

The format of the log. This option is used to parse non-standard syslog formats using parser plugins.

<source>
  @type syslog
  tag system
  format FORMAT_PARAMETER
</source>

Your format regexp should not consider the 'priority' prefix of the log. For example, if in_syslog receives the log below:

 <1>Feb 20 00:00:00 192.168.0.1 fluentd[11111]: [error] hogehoge

then the format parser receives the following log:

 Feb 20 00:00:00 192.168.0.1 fluentd[11111]: [error] hogehoge

If the format parameter is missing, then the log data is assumed to have the canonical syslog format (see with_priority).

If you wish to parse syslog messages of arbitrary formats, in_tcp or in_udp are recommended.

with_priority

This option matters only when format is absent. If with_priority is true, then syslog messages are assumed to be prefixed with a priority tag like "<1>". This option exists because some syslog daemons output logs without the priority tag preceding the message body.

include_source_host

If true, the source host is added to the event record. The default is false. This parameter is deprecated. Use source_hostname_key instead.

source_hostname_key

The field name for the client's hostname. If set, the client's hostname is stored under this key. The default is nil (the hostname is not added).

priority_key

The field name for the priority. If set, the priority is stored under this key. The default is nil (the priority is not added).

facility_key

The field name for the facility. If set, the facility is stored under this key. The default is nil (the facility is not added).

log_level option

The log_level option allows the user to set different levels of logging for each plugin. The supported log levels are: fatal, error, warn, info, debug, and trace.

Please see the logging article for further details.

TCP protocol and message delimiter

This plugin assumes \n as the delimiter character between syslog messages in one TCP connection. If you use a syslog library in your application with protocol_type tcp, add \n to your syslog message. See also rfc6587.

If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
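
The behaviour this page describes (splitting a TCP stream on \n, stripping the priority prefix, building the tag from facility and priority, and telling rfc3164 from rfc5424 by the message prefix) can be sketched in Ruby as follows. This is an added example, not Fluentd's own code: the helper names, the keyword tables and the version-digit test for rfc5424 are assumptions.

```ruby
# Added example, not Fluentd source; helper names are hypothetical.
# Keyword tables follow common syslog naming (assumed to match the plugin's strings).
FACILITIES = %w[kern user mail daemon auth syslog lpr news uucp cron authpriv ftp
                ntp audit alert at local0 local1 local2 local3 local4 local5
                local6 local7].freeze
PRIORITIES = %w[emerg alert crit err warn notice info debug].freeze
PRI_RE = /\A<(\d{1,3})>/

# Split a TCP byte stream on "\n"; returns [complete_messages, unterminated_rest].
def split_frames(buffer)
  frames = buffer.split("\n", -1)
  rest = frames.pop || ""   # "" when the buffer ended exactly on a delimiter
  [frames.reject(&:empty?), rest]
end

# Strip <PRI>, derive facility and priority, and guess the message format.
def classify(message, tag_prefix)
  m = PRI_RE.match(message)
  return nil unless m            # no priority prefix (see with_priority)
  pri = m[1].to_i
  return nil if pri > 191        # 23 * 8 + 7 is the largest valid PRI value
  body = m.post_match            # what a custom format regexp would receive
  {
    tag: "#{tag_prefix}.#{FACILITIES[pri >> 3]}.#{PRIORITIES[pri & 7]}",
    # Assumption: rfc5424 is recognised by the version number right after <PRI>.
    format: body.match?(/\A[1-9]\d{0,2} /) ? "rfc5424" : "rfc3164",
    body: body
  }
end

# Constructed input: the page's two sample messages plus an unterminated third.
STREAM = "<6>Feb 28 12:00:00 192.168.0.1 fluentd[11111]: [error] Hello!\n" \
         "<16>1 2017-02-28T12:00:00.009Z 192.168.0.1 fluentd - - - Hello!\n" \
         "<1>Feb 20 00:00:00 192.168.0.1 flu"

def demo
  frames, rest = split_frames(STREAM)
  [frames.map { |f| classify(f, "system") }, rest]
end

if __FILE__ == $PROGRAM_NAME
  events, rest = demo
  events.each { |e| puts e.inspect }
  puts "held back until the next \\n arrives: #{rest.inspect}"
end
```

A sender that omits the trailing \n leaves its message in the unterminated remainder, which is why the page tells applications using protocol_type tcp to append it.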