:plugin: syslog :type: output /////////////////////////////////////////// START - GENERATED VARIABLES, DO NOT EDIT! /////////////////////////////////////////// :version: %VERSION% :release_date: %RELEASE_DATE% :changelog_url: %CHANGELOG_URL% :include_path: ../../../../logstash/docs/include /////////////////////////////////////////// END - GENERATED VARIABLES, DO NOT EDIT! /////////////////////////////////////////// [id="plugins-{type}s-{plugin}"] === Syslog output plugin include::{include_path}/plugin_header.asciidoc[] ==== Description Send events to a syslog server. You can send messages compliant with RFC3164 or RFC5424 using either UDP or TCP as the transport protocol. By default the contents of the `message` field will be shipped as the free-form message text part of the emitted syslog message. If your messages don't have a `message` field or if you for some other reason want to change the emitted message, modify the `message` configuration option. [id="plugins-{type}s-{plugin}-options"] ==== Syslog Output Configuration Options This plugin supports the following configuration options plus the <> described later. [cols="<,<,<",options="header",] |======================================================================= |Setting |Input type|Required | <> |<>|No | <> |<>|No | <> |<>|Yes | <> |<>|No | <> |<>|No | <> |<>|Yes | <> |<>|No | <> |<>|No | <> |<>, one of `["tcp", "udp", "ssl-tcp"]`|No | <> |<>|No | <> |<>, one of `["rfc3164", "rfc5424"]`|No | <> |<>|No | <> |<>|No | <> |a valid filesystem path|No | <> |a valid filesystem path|No | <> |a valid filesystem path|No | <> |<>|No | <> |<>|No | <> |<>|No |======================================================================= Also see <> for a list of options supported by all output plugins.   [id="plugins-{type}s-{plugin}-appname"] ===== `appname` * Value type is <> * Default value is `"LOGSTASH"` application name for syslog message. The new value can include `%{foo}` strings to help you build a new value from other parts of the event. [id="plugins-{type}s-{plugin}-facility"] ===== `facility` * Value type is <> * Default value is `"user-level"` facility label for syslog message default fallback to user-level as in rfc3164 The new value can include `%{foo}` strings to help you build a new value from other parts of the event. [id="plugins-{type}s-{plugin}-host"] ===== `host` * This is a required setting. * Value type is <> * There is no default value for this setting. syslog server address to connect to [id="plugins-{type}s-{plugin}-message"] ===== `message` * Value type is <> * Default value is `"%{message}"` message text to log. The new value can include `%{foo}` strings to help you build a new value from other parts of the event. [id="plugins-{type}s-{plugin}-msgid"] ===== `msgid` * Value type is <> * Default value is `"-"` message id for syslog message. The new value can include `%{foo}` strings to help you build a new value from other parts of the event. [id="plugins-{type}s-{plugin}-port"] ===== `port` * This is a required setting. * Value type is <> * There is no default value for this setting. syslog server port to connect to [id="plugins-{type}s-{plugin}-priority"] ===== `priority` * Value type is <> * Default value is `"%{syslog_pri}"` syslog priority The new value can include `%{foo}` strings to help you build a new value from other parts of the event. [id="plugins-{type}s-{plugin}-procid"] ===== `procid` * Value type is <> * Default value is `"-"` process id for syslog message. The new value can include `%{foo}` strings to help you build a new value from other parts of the event. [id="plugins-{type}s-{plugin}-protocol"] ===== `protocol` * Value can be any of: `tcp`, `udp`, `ssl-tcp` * Default value is `"udp"` syslog server protocol. you can choose between udp, tcp and ssl/tls over tcp [id="plugins-{type}s-{plugin}-reconnect_interval"] ===== `reconnect_interval` * Value type is <> * Default value is `1` when connection fails, retry interval in sec. [id="plugins-{type}s-{plugin}-rfc"] ===== `rfc` * Value can be any of: `rfc3164`, `rfc5424` * Default value is `"rfc3164"` syslog message format: you can choose between rfc3164 or rfc5424 [id="plugins-{type}s-{plugin}-severity"] ===== `severity` * Value type is <> * Default value is `"notice"` severity label for syslog message default fallback to notice as in rfc3164 The new value can include `%{foo}` strings to help you build a new value from other parts of the event. [id="plugins-{type}s-{plugin}-sourcehost"] ===== `sourcehost` * Value type is <> * Default value is `"%{host}"` source host for syslog message. The new value can include `%{foo}` strings to help you build a new value from other parts of the event. [id="plugins-{type}s-{plugin}-ssl_cacert"] ===== `ssl_cacert` * Value type is <> * There is no default value for this setting. The SSL CA certificate, chainfile or CA path. The system CA path is automatically included. [id="plugins-{type}s-{plugin}-ssl_cert"] ===== `ssl_cert` * Value type is <> * There is no default value for this setting. SSL certificate path [id="plugins-{type}s-{plugin}-ssl_key"] ===== `ssl_key` * Value type is <> * There is no default value for this setting. SSL key path [id="plugins-{type}s-{plugin}-ssl_key_passphrase"] ===== `ssl_key_passphrase` * Value type is <> * Default value is `nil` SSL key passphrase [id="plugins-{type}s-{plugin}-ssl_verify"] ===== `ssl_verify` * Value type is <> * Default value is `false` Verify the identity of the other end of the SSL connection against the CA. [id="plugins-{type}s-{plugin}-use_labels"] ===== `use_labels` * Value type is <> * Default value is `true` use label parsing for severity and facility levels use priority field if set to false [id="plugins-{type}s-{plugin}-common-options"] include::{include_path}/{type}.asciidoc[]