syslog-ng Open Source Edition 3.33 - Administration Guide

Preface Introduction to syslog-ng The concepts of syslog-ng Installing syslog-ng The syslog-ng OSE quick-start guide The syslog-ng OSE configuration file source: Read, receive, and collect log messages
How sources work default-network-drivers: Receive and parse common syslog messages internal: Collecting internal messages file: Collecting messages from text files wildcard-file: Collecting messages from multiple text files linux-audit: Collecting messages from Linux audit logs network: Collecting messages using the RFC3164 protocol (network() driver) nodejs: Receiving JSON messages from nodejs applications mbox: Converting local email messages to log messages osquery: Collect and parse osquery result logs pipe: Collecting messages from named pipes pacct: Collecting process accounting logs on Linux program: Receiving messages from external applications python: writing server-style Python sources python-fetcher: writing fetcher-style Python sources snmptrap: Read Net-SNMP traps sun-streams: Collecting messages on Sun Solaris syslog: Collecting messages using the IETF syslog protocol (syslog() driver) system: Collecting the system-specific log messages of a platform systemd-journal: Collecting messages from the systemd-journal system log storage systemd-syslog: Collecting systemd messages using a socket tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol— OBSOLETE unix-stream, unix-dgram: Collecting messages from UNIX domain sockets stdin: Collecting messages from the standard input stream
destination: Forward, send, and store log messages
amqp: Publishing messages using AMQP collectd: sending metrics to collectd elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher (DEPRECATED) elasticsearch-http: Sending messages to Elasticsearch HTTP Bulk API file: Storing messages in plain-text files graphite: Sending metrics to Graphite Sending logs to Graylog hdfs: Storing messages on the Hadoop Distributed File System (HDFS) Posting messages over HTTP http: Posting messages over HTTP without Java kafka: Publishing messages to Apache Kafka (Java implementation) kafka(): Publishing messages to Apache Kafka (C implementation, using the librdkafka client) loggly: Using Loggly logmatic: Using Logmatic.io mongodb: Storing messages in a MongoDB database mqtt() destination: sending messages from a local network to an MQTT broker network: Sending messages to a remote log server using the RFC3164 protocol (network() driver) osquery: Sending log messages to osquery's syslog table pipe: Sending messages to named pipes program: Sending messages to external applications pseudofile() python: writing custom Python destinations redis: Storing name-value pairs in Redis riemann: Monitoring your data with Riemann slack: Sending alerts and notifications to a Slack channel smtp: Generating SMTP messages (email) from logs snmp: Sending SNMP traps Splunk: Sending log messages to Splunk sql: Storing messages in an SQL database stomp: Publishing messages using STOMP Sumo Logic destinations: sumologic-http() and sumologic-syslog() syslog: Sending messages to a remote logserver using the IETF-syslog protocol syslog-ng(): Forward logs to another syslog-ng node tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers) Telegram: Sending messages to Telegram unix-stream, unix-dgram: Sending messages to UNIX domain sockets usertty: Sending messages to a user terminal: usertty() destination Write your own custom destination in Java or Python Client-side failover
log: Filter and route log messages using log paths, flags, and filters Global options of syslog-ng OSE TLS-encrypted message transfer template and rewrite: Format, modify, and manipulate log messages parser: Parse and segment structured messages db-parser: Process message content with a pattern database (patterndb) Correlating log messages Enriching log messages with external data Statistics of syslog-ng Multithreading and scaling in syslog-ng OSE Troubleshooting syslog-ng Best practices and examples The syslog-ng manual pages Creative Commons Attribution Non-commercial No Derivatives (by-nc-nd) License Glossary

sumologic-syslog()

The sumologic-http() and sumologic-syslog() destinations send log messages to Sumo Logic, a cloud-based log management and security analytics service.

Using the sumologic-syslog() destination, you can send data (both in JSON and in non-JSON format) to the Sumo Logic service.

For more information about the sumologic-http() destination, see sumologic-http().

Sending data using the sumologic-syslog() destination
Example: Sending data using the sumologic-syslog() destination

The following example illustrates how you can use the sumologic-syslog() destination to send data to your Sumo Logic account.

log {
  source { system(); };

  destination{
    sumologic-syslog(token("USER-TOKEN-AS-PROVIDED-BY-sumologic")
      deployment("ENDPOINT")
      tls(peer-verify(required-trusted) ca-dir('/etc/syslog-ng/ca.d'))
    );
};
};
Sending JSON data using the sumologic-syslog destination
Example: Sending data using the sumologic-syslog() destination

The following example illustrates how you can use the sumologic-syslog() destination to send JSON data to your Sumo Logic account.

log {
  source{ system(); };

  destination{
    sumologic-syslog(token("USER-TOKEN-AS-PROVIDED-BY-sumologic")
      deployment("ENDPOINT")
      tls(peer-verify(required-trusted) ca-dir('/etc/syslog-ng/ca.d'))
      template("$(format-json --scope all-nv-pairs)")
    );
  };
};

Was this topic helpful?

[Select Rating]



sumologic-http() and sumologic-syslog() destination options

The sumologic-http() and sumologic-syslog() destinations have the following options.

Topics:

Was this topic helpful?

[Select Rating]



sumologic-http() destination options

The sumologic-http() destination supports all HTTP destination options.

In addition, the sumologic-http() destination also has the following options.

ca-dir()
Accepted values: Directory name
Default: none

Description: The name of a directory that contains a set of trusted CA certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject's name. This naming can be created using the c_rehash utility in openssl. For an example, see Configuring TLS on the syslog-ng clients. The syslog-ng OSE application uses the CA certificates in this directory to validate the certificate of the peer.

This option can be used together with the optional ca-file() option.

ca-file()
Accepted values: File name
Default: empty

Description: Optional. The name of a file that contains a set of trusted CA certificates in PEM format. The syslog-ng OSE application uses the CA certificates in this file to validate the certificate of the peer.

Example format in configuration:

ca-file("/etc/pki/tls/certs/ca-bundle.crt")

NOTE: The ca-file() option can be used together with the ca-dir() option, and it is relevant when peer-verify() is set to other than no or optional-untrusted.

collector()
Type: string
Default: empty

Description: The Cloud Syslog Cloud Token that you received from the Sumo Logic service while configuring your cloud syslog source.

For details on the option in the destination's declaration, see .

deployment()
Type: string
Default: empty string

Description: Required. This option specifies your Sumo Logic deployment.

For details on the deployment() option in the sumologic-http() destination's declaration, see .

For details on the deployment() option in the sumologic-syslog() destination's declaration, see .

headers()
Type: string list
Default: empty

Description: Custom HTTP headers to include in the request, for example, headers("HEADER1: header1", "HEADER2: header2"). If not set, only the default headers are included, but no custom headers.

The following headers are included by default:

  • X-Syslog-Host: <host>

  • X-Syslog-Program: <program>

  • X-Syslog-Facility: <facility>

  • X-Syslog-Level: <loglevel/priority>

NOTE: The headers() option is a required option for the sumologic-http() destination.

tls()
Type: tls options
Default: n/a

Description: Required option. This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with tcp-based transport protocols. For details, see TLS options.


Was this topic helpful?

[Select Rating]



sumologic-syslog() destination options

The sumologic-syslog() destination supports all network() destination options.

In addition, the sumologic-syslog() destination also has the following options.

ca-dir()
Accepted values: Directory name
Default: none

Description: The name of a directory that contains a set of trusted CA certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject's name. This naming can be created using the c_rehash utility in openssl. For an example, see Configuring TLS on the syslog-ng clients. The syslog-ng OSE application uses the CA certificates in this directory to validate the certificate of the peer.

This option can be used together with the optional ca-file() option.

ca-file()
Accepted values: File name
Default: empty

Description: Optional. The name of a file that contains a set of trusted CA certificates in PEM format. The syslog-ng OSE application uses the CA certificates in this file to validate the certificate of the peer.

Example format in configuration:

ca-file("/etc/pki/tls/certs/ca-bundle.crt")

NOTE: The ca-file() option can be used together with the ca-dir() option, and it is relevant when peer-verify() is set to other than no or optional-untrusted.

deployment()
Type: string
Default: empty string

Description: Required. This option specifies your Sumo Logic deployment.

For details on the deployment() option in the sumologic-http() destination's declaration, see .

For details on the deployment() option in the sumologic-syslog() destination's declaration, see .

port()
Type: number
Default: 6514

Description: Optional. This option sets the port number of the Sumo Logic server to connect to.

tag()
Type: string list
Default: "tag"

Description: Optional. This option specifies the list of tags to add as the tags fields of Sumo Logic messages. If not specified, syslog-ng OSE automatically adds the tags already assigned to the message. If you set the tag() option, only the tags you specify will be added to the messages.

tls()
Type: tls options
Default: n/a

Description: Required option. This option sets various options related to TLS encryption, for example, key/certificate files and trusted CA locations. TLS can be used only with tcp-based transport protocols. For details, see TLS options.

token()
Type: string
Default:

Description: Required option. The Cloud Syslog Cloud Token that you received from the Sumo Logic service while configuring your cloud syslog source.


Was this topic helpful?

[Select Rating]



Related Documents