Description:
Sends Syslog messages to a given host and port over TCP or UDP. Messages are constructed from the “Message ___” properties of the processor which can use expression language to generate messages from incoming FlowFiles. The properties are used to construct messages of the form: (<PRIORITY>)(VERSION )(TIMESTAMP) (HOSTNAME) (BODY) where version is optional. The constructed messages are checked against regular expressions for RFC5424 and RFC3164 formatted messages. The timestamp can be an RFC5424 timestamp with a format of “yyyy-MM-dd’T’HH:mm:ss.SZ” or “yyyy-MM-dd’T’HH:mm:ss.S+hh:mm”, or it can be an RFC3164 timestamp with a format of “MMM d HH:mm:ss”. If a message is constructed that does not form a valid Syslog message according to the above description, then it is routed to the invalid relationship. Valid messages are sent to the Syslog server and successes are routed to the success relationship, failures routed to the failure relationship.
Tags:
syslog, put, udp, tcp, logs
Properties:
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the Expression Language Guide.
Name | Default Value | Allowable Values | Description |
Hostname | localhost | The ip address or hostname of the Syslog server. | |
Protocol | UDP |
* TCP * UDP |
The protocol for Syslog communication. |
Port | The port for Syslog communication. | ||
Max Size of Socket Send Buffer | 1 MB | The maximum size of the socket send buffer that should be used. This is a suggestion to the Operating System to indicate how big the socket buffer should be. If this value is set too low, the buffer may fill up before the data can be read, and incoming data will be dropped. | |
SSL Context Service |
Controller Service API: SSLContextService Implementation: StandardSSLContextService |
The Controller Service to use in order to obtain an SSL Context. If this property is set, syslog messages will be sent over a secure connection. | |
Idle Connection Expiration | 5 seconds | The amount of time a connection should be held open without being used before closing the connection. | |
Timeout | 10 seconds | The timeout for connecting to and communicating with the syslog server. Does not apply to UDP | |
Batch Size | 25 | The number of incoming FlowFiles to process in a single execution of this processor. | |
Character Set | UTF-8 | Specifies the character set of the Syslog messages | |
Message Priority |
The priority for the Syslog messages, excluding < >. Supports Expression Language: true |
||
Message Version |
The version for the Syslog messages. Supports Expression Language: true |
||
Message Timestamp | ${now():format('MMM d HH:mm:ss')} |
The timestamp for the Syslog messages. The timestamp can be an RFC5424 timestamp with a format of "yyyy-MM-dd'T'HH:mm:ss.SZ" or "yyyy-MM-dd'T'HH:mm:ss.S+hh:mm", " or it can be an RFC3164 timestamp with a format of "MMM d HH:mm:ss". Supports Expression Language: true |
|
Message Hostname | ${hostname(true)} |
The hostname for the Syslog messages. Supports Expression Language: true |
|
Message Body |
The body for the Syslog messages. Supports Expression Language: true |
Relationships:
Name | Description |
failure | FlowFiles that failed to send to Syslog are sent out this relationship. |
invalid | FlowFiles that do not form a valid Syslog message are sent out this relationship. |
success | FlowFiles that are sent successfully to Syslog are sent out this relationship. |
Reads Attributes:
None specified.
Writes Attributes:
None specified.
See Also:
ListenSyslog, ParseSyslog