Powered by GitBook

Data Collection

syslog Input Plugin

The in_syslog Input plugin enables Fluentd to retrieve records via the syslog protocol on UDP.

Example Configuration

in_syslog is included in Fluentd's core. No additional installation process is required.

<source>
  type syslog
  port 5140
  bind 0.0.0.0
  tag system
</source>

NOTE: Please see the Config File article for the basic structure and syntax of the configuration file.

Example Usage

The retrieved data is organized as follows. Fluentd's tag is generated by the tag parameter (tag prefix), facility level, and priority. The record is parsed by the regexp here.

tag = "#{@tag}.#{facility}.#{priority}"

record = {
  "pri": "0",
  "time": 1353436518,
  "host": "host",
  "ident": "ident",
  "pid": "12345",
  "message": "text"
}

Parameters

type (required)

The value must be syslog.

port

The port to listen to. Default Value = 5140

bind

The bind address to listen to. Default Value = 0.0.0.0 (all addresses)

protocol_type

The transport protocol used to receive logs. "udp" and "tcp" are supported. "udp" by default.

tag (required)

The prefix of the tag. The tag itself is generated by the tag prefix, facility level, and priority.

format

The format of the log. This option is used to parse non-standard syslog formats using a regexp.

<source>
  type syslog
  tag system
  format FORMAT_PARAMETER
</source>

NOTE: Your format regexp should not consider the 'priority' prefix of the log. For example, if in_syslog receives the log below:

 <1>Feb 20 00:00:00 192.168.0.1 fluentd[11111]: [error] hogehoge

then the format parser receives the following log:

 Feb 20 00:00:00 192.168.0.1 fluentd[11111]: [error] hogehoge

If the format parameter is missing, then the log data is assumed to have the canonical syslog format (see with_priority).

FORMAT_PARAMETER supports the following options:

INCLUDE: _in_parsers

with_priority

This option matters only when format is absent. If with_priority is true, then syslog messages are assumed to be prefixed with a priority tag like "<3>". This option exists since some syslog daemons output logs without the priority tag preceding the message body.

NOTE: If you wish to parse syslog messages of arbitrary formats, in_tcp or in_udp are recommended.

INCLUDE: _in_types

INCLUDE: _log_level_params