Syslog
Synopsis
Creates a target that forwards log messages to a remote syslog server. Supports multiple transport protocols, message templating, and TLS encryption.
note
The syslog target uses the RFC5424 format for all messages, ensuring modern syslog compatibility.
note
See Appendix for details of the format.
Schema
- id: <numeric>
name: <string>
description: <string>
type: syslog
pipelines: <pipeline[]>
status: <boolean>
properties:
type: <string>
address: <string>
port: <numeric>
format: <string>
template: <string>
app_name: <string>
priority: <numeric>
tls:
status: <boolean>
verify: <boolean>
cert_name: <string>
key_name: <string>
Configuration
The following are the minimum requirements to define the target.
| Field | Required | Default | Description |
|---|---|---|---|
id | Y | Unique identifier | |
name | Y | Target name | |
description | N | - | Optional description |
type | Y | Must be syslog | |
pipelines | N | - | Optional post-processor pipelines |
status | N | true | Enable/disable the target |
Connection
| Field | Required | Default | Description |
|---|---|---|---|
type | N | "udp" | Transport protocol: udp, tcp, or tls |
address | N | "127.0.0.1" | Remote server address |
port | N | 514 | Remote server port |
Messages
| Field | Required | Default | Description |
|---|---|---|---|
template | N | "<{{.Priority}}> {{.Timestamp}} {{.AppName}}[{{.PID}}]: {{.Message}}" | Message template |
app_name | N | "vmetric" | Application name in the messages |
priority | N | 14 | Syslog priority value |
format | N | - | Field normalization format: ecs, cim, asim, cef, leef, csl |
TLS
| Field | Required | Default | Description |
|---|---|---|---|
tls.status | N | false | Enable TLS encryption |
tls.verify | N | false | Verify server certificate |
tls.cert_name | N | "cert.pem" | Client certificate file |
tls.key_name | N | "key.pem" | Client private key file |
warning
When using TLS, ensure that the certificate files are accessible and have the appropriate permissions.
Templates
The following variables can be used in the message template:
| Variable | Description | Example |
|---|---|---|
{{.Year}} | Current year | 2024 |
{{.Month}} | Current month | 01 |
{{.Day}} | Current day | 15 |
{{.Priority}} | Syslog priority | 14 |
{{.Timestamp}} | RFC3339 timestamp | 2024-01-15T14:30:00Z |
{{.AppName}} | Application name | vmetric |
{{.PID}} | Process ID | 1234 |
{{.Message}} | Log message | User login successful |
note
Invalid templates will fall back to sending the raw message content without formatting.
Examples
Basic UDP
The minimum configuration for a UDP syslog:
- id: 1
name: udp_syslog
type: syslog
properties:
address: "192.168.1.100"
Secure TLS
Configuration for a TLS-encrypted syslog:
- id: 2
name: secure_syslog
type: syslog
properties:
type: "tls"
address: "logs.example.com"
port: 6514
tls:
status: true
verify: true
cert_name: "client-cert.pem"
key_name: "client-key.pem"
Template
Configuration with a custom message template:
- id: 3
name: custom_syslog
type: syslog
properties:
address: "192.168.1.100"
template: "{{.Timestamp}} [{{.AppName}}] severity={{.Priority}} {{.Message}}"
app_name: "myapp"
priority: 13