| title | Syslog Destinations | |||||||
|---|---|---|---|---|---|---|---|---|
| disable_toc | false | |||||||
| products |
|
{{< product-availability >}}
Use Observability Pipelines' syslog destinations to send logs to rsyslog or syslog-ng.
Set up the rsyslog or syslog-ng destination and its environment variables when you set up a pipeline. The information below is configured in the pipelines UI.
The rsyslog and syslog-ng destinations match these log fields to the following Syslog fields:
| Log Event | SYSLOG FIELD | Default |
|---|---|---|
| log["message"] | MESSAGE | NIL |
| log["procid"] | PROCID | The running Worker's process ID. |
| log["appname"] | APP-NAME | observability_pipelines |
| log["facility"] | FACILITY | 8 (log_user) |
| log["msgid"] | MSGID | NIL |
| log["severity"] | SEVERITY | info |
| log["host"] | HOSTNAME | NIL |
| log["timestamp"] | TIMESTAMP | Current UTC time. |
To set up the syslog destination in the UI:
- Enter the identifier for your endpoint URL. If you leave it blank, the default is used.
{{% observability_pipelines/tls_settings %}}
Enter the number of seconds to wait before sending TCP keepalive probes on an idle connection.
{{% observability_pipelines/destination_buffer %}}
{{% observability_pipelines/set_secrets_intro %}}
{{< tabs >}} {{% tab "Secrets Management" %}}
- rsyslog or syslog-ng endpoint URL identifier:
- References the address and port to which Observability Pipelines Worker sends logs. For example,
127.0.0.1:9997. - The default identifier is
DESTINATION_SYSLOG_ENDPOINT_URL.
- References the address and port to which Observability Pipelines Worker sends logs. For example,
- rsyslog or syslog-ng TLS passphrase identifier (when TLS is enabled):
- The default identifier is
DESTINATION_SYSLOG_KEY_PASS.
- The default identifier is
{{% /tab %}}
{{% tab "Environment Variables" %}}
{{% observability_pipelines/configure_existing_pipelines/destination_env_vars/syslog %}}
{{% /tab %}} {{< /tabs >}}
The rsyslog and syslog-ng destinations do not batch events.