Fluent::Plugin::NewSyslog

These are syslog input and parser plugins for Fluentd. They support the newer rfc5424 syslog format along with the older rfc3164 format. Timestamps are parsed automatically with the built-in Ruby time parser, so you do not specify the time format expected in the syslog message. The parser plugin is backwards compatible with the built-in syslog parser.

Installation

Add this line to your application's Gemfile:

gem 'fluent-plugin-newsyslog'

And then execute:

$ bundle

Or install it yourself as:

$ gem install fluent-plugin-newsyslog

Usage

in_newsyslog Input plugin

The in_newsyslog Input plugin enables Fluentd to retrieve records via the syslog protocol on UDP or TCP. The default parser is the parser_newsyslog plugin.

Example Configuration

<source>
  type newsyslog
  port 5140
  bind 0.0.0.0
  tag system
</source>

Parameters

type (required) The value must be newsyslog.

port The port to listen to. Default Value = 5140

bind The bind address to listen to. Default Value = 0.0.0.0 (all addresses)

protocol_type The transport protocol used to receive logs. “udp” and “tcp” are supported. “udp” by default.

tag (required) The prefix of the tag. The tag itself is generated by the tag prefix, facility level, and priority.

parser_newsyslog Parser plugin

The parser_newsyslog Parser plugin enables Fluentd to parse syslog records in either rfc5424 or rfc3164 format.

Example Configuration

This is an example to use this parser with the syslog plugin.

<source>
  type syslog
  port 5140
  bind 0.0.0.0
  format newsyslog
  tag system
</source>

Parameters

payload_message When set to true, it will output the entire syslog message into the message field rather than the parsed message field. Default Value = false, send the parsed syslog message field.
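
The behaviour described above (format detection, tag generation, payload_message), sketched as an added example; this is not the plugin's own code. The name parse_syslog, the regexes, the facility and severity names, and the tag layout prefix.facility.priority (as in Fluentd's built-in syslog input) are assumptions.

```ruby
require 'time'

# Conventional syslog names in PRI order (assumed; the plugin's own tables are not shown).
FACILITIES = %w[kern user mail daemon auth syslog lpr news uucp cron authpriv ftp
                ntp audit alert at local0 local1 local2 local3 local4 local5
                local6 local7].freeze
SEVERITIES = %w[emerg alert crit err warn notice info debug].freeze

# rfc5424: <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = /\A<(?<pri>\d{1,3})>[1-9]\d{0,2} (?<time>\S+) (?<host>\S+) (?<ident>\S+) (?<pid>\S+) (?<msgid>\S+) (?<sd>-|(?:\[(?:\\.|[^\]\\])*\])+)(?: (?<message>.*))?\z/m
# rfc3164: <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
RFC3164 = /\A<(?<pri>\d{1,3})>(?<time>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?<host>\S+) (?<ident>[^\s\[:]+)(?:\[(?<pid>\d+)\])?: ?(?<message>.*)\z/m

# Sample input, constructed for this example.
SAMPLE_5424 = '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 ' \
              '[exampleSDID@32473 iut="3" eventSource="Application"] An application event log entry'
SAMPLE_3164 = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"

def parse_syslog(line, tag_prefix: 'system', payload_message: false)
  m = RFC5424.match(line) || RFC3164.match(line)
  raise ArgumentError, 'neither rfc5424 nor rfc3164' unless m

  pri = m[:pri].to_i
  # PRI arrives from the network; anything above 191 has no facility entry.
  raise ArgumentError, "PRI #{pri} out of range" if pri > 191

  facility = FACILITIES[pri >> 3] # upper bits: facility
  severity = SEVERITIES[pri & 7]  # low three bits: severity
  field = ->(name) { m[name] == '-' ? nil : m[name] } # "-" is the rfc5424 nil value
  record = {
    'host' => field[:host], 'ident' => field[:ident], 'pid' => field[:pid],
    # payload_message true keeps the whole line instead of the parsed MSG part.
    'message' => payload_message ? line : m[:message]
  }
  # No format string: Time.parse works out either timestamp style.
  time = field[:time] && Time.parse(field[:time])
  { tag: "#{tag_prefix}.#{facility}.#{severity}", time: time, record: record }
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_5424, SAMPLE_3164].each { |l| p parse_syslog(l) }
end
```

An rfc3164 timestamp carries no year or zone, so Time.parse fills in the current year and the local zone of the collector.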

Development

After checking out the repo, run bundle to install dependencies.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in fluent-plugin-newsyslog.gemspec, and then run bundle exec rake release to create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Running unit tests

This gem is using both rspec and test::unit

Execute bundle exec rspec to run the rspec tests.

Execute bundle exec rake test to run the test::unit tests.

Contributing

  1. Fork it ( https://github.com/athenahealth/fluent-plugin-newsyslog/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request