Syslog
Synopsis
Creates a target that forwards log messages to a remote syslog server. Supports multiple transport protocols, message templating, and TLS encryption.
note
The syslog target uses the RFC5424 format for all messages, ensuring modern syslog compatibility.
Schema
- id: <numeric>
name: <string>
description: <string>
type: syslog
pipelines: <pipeline[]>
status: <boolean>
properties:
type: <string>
address: <string>
port: <numeric>
format: <string>
template: <string>
app_name: <string>
priority: <numeric>
tls:
status: <boolean>
verify: <boolean>
cert_name: <string>
key_name: <string>
Configuration
The following are the minimum requirements to define the target.
| Field | Required | Default | Description |
|---|---|---|---|
id | Y | Unique identifier | |
name | Y | Target name | |
description | N | - | Optional description |
type | Y | Must be syslog | |
pipelines | N | - | Optional post-processor pipelines |
status | N | true | Enable/disable the target |
Connection
| Field | Required | Default | Description |
|---|---|---|---|
type | N | "udp" | Transport protocol: udp, tcp, or tls |
address | N | "127.0.0.1" | Remote server address |
port | N | 514 | Remote server port |
Messages
| Field | Required | Default | Description |
|---|---|---|---|
template | N | "<{{.Priority}}> {{.Timestamp}} {{.AppName}}[{{.PID}}]: {{.Message}}" | Message template |
app_name | N | "vmetric" | Application name in the messages |
priority | N | 14 | Syslog priority value |
format | N | - | Field normalization format: ecs, cim, asim, cef, leef, csl |
TLS
| Field | Required | Default | Description |
|---|---|---|---|
tls.status | N | false | Enable TLS encryption |
tls.verify | N | false | Verify server certificate |
tls.cert_name | N | "cert.pem" | Client certificate file |
tls.key_name | N | "key.pem" | Client private key file |
warning
When using TLS, ensure that the certificate files are accessible and have the appropriate permissions.
Templates
The following variables can be used in the message template:
| Variable | Description | Example |
|---|---|---|
{{.Year}} | Current year | 2024 |
{{.Month}} | Current month | 01 |
{{.Day}} | Current day | 15 |
{{.Priority}} | Syslog priority | 14 |
{{.Timestamp}} | RFC3339 timestamp | 2024-01-15T14:30:00Z |
{{.AppName}} | Application name | vmetric |
{{.PID}} | Process ID | 1234 |
{{.Message}} | Log message | User login successful |
note
Invalid templates will fall back to sending the raw message content without formatting.
Examples
Basic UDP
The minimum configuration for a UDP syslog:
- id: 1
name: udp_syslog
type: syslog
properties:
address: "192.168.1.100"
Secure TLS
Configuration for a TLS-encrypted syslog:
- id: 2
name: secure_syslog
type: syslog
properties:
type: "tls"
address: "logs.example.com"
port: 6514
tls:
status: true
verify: true
cert_name: "client-cert.pem"
key_name: "client-key.pem"
Template
Configuration with a custom message template:
- id: 3
name: custom_syslog
type: syslog
properties:
address: "192.168.1.100"
template: "{{.Timestamp}} [{{.AppName}}] severity={{.Priority}} {{.Message}}"
app_name: "myapp"
priority: 13