Syslog Source

Example
```yaml
sinks:
  logscale_sink:
    type: logscale
    url: "https://cloud.humio.com/"
    token: "${LOGSCALE_TOKEN}"
    queue:
      type: disk
      maxLimitInMB: 10240
sources:
  syslog_udp:
    type: syslog
    mode: udp
    port: 514
    sink: logscale_sink
    bind: "0.0.0.0"
    maxEventSize: 1048576
    workers: 4
    parser: "syslog_rfc5424"
    transforms:
      - type: static_fields
        fields:
          source_type: "syslog_udp"
          environment: "${ENV}"
  syslog_tcp:
    type: syslog
    mode: tcp
    port: 1514
    sink: logscale_sink
    bind: "0.0.0.0"
    maxEventSize: 1048576
    strict: true
    parser: "syslog_rfc5424"
    transforms:
      - type: static_fields
        fields:
          source_type: "syslog_tcp"
          environment: "${ENV}"
```
Introduction

This example demonstrates how to configure a complete syslog-based pipeline for LogScale, including the sink setup, disk-based queuing, and syslog data ingestion over UDP and TCP.

Step-by-Step
  1. Sink

    ```yaml
    sinks:
      logscale_sink:
        type: logscale
        url: "https://cloud.humio.com/"
        token: "${LOGSCALE_TOKEN}"
    ```

    Here, we define a sink named logscale_sink that sends events to a LogScale instance. The url specifies the destination, and the token is read from an environment variable at runtime, so the ingest credential is not stored in the configuration file.

  2. Queue

    ```yaml
    queue:
      type: disk
      maxLimitInMB: 10240
    ```

    Here, we configure a disk-based queue on logscale_sink that buffers syslog events up to a maximum of 10 GB (10240 MB). Buffered events survive collector restarts and network interruptions instead of being dropped.

  3. UDP source

    ```yaml
    sources:
      syslog_udp:
        type: syslog
        mode: udp
        port: 514
        sink: logscale_sink
        bind: "0.0.0.0"
        maxEventSize: 1048576
        workers: 4
        parser: "syslog_rfc5424"
    ```

    Here, we define a syslog_udp source that listens for incoming UDP syslog traffic on port 514 and forwards events to the configured logscale_sink. The optional fields set the bind address, the maximum event size (1 MiB), the number of worker threads and the parser applied to each event.

  4. Static fields for the UDP source

    ```yaml
    transforms:
      - type: static_fields
        fields:
          source_type: "syslog_udp"
          environment: "${ENV}"
    ```

    Here, we add a transforms block under the syslog_udp source so that every event it emits carries two static fields: source_type, which identifies the UDP source, and environment, taken from the ENV environment variable.

  5. TCP source

    ```yaml
    syslog_tcp:
      type: syslog
      mode: tcp
      port: 1514
      sink: logscale_sink
      bind: "0.0.0.0"
      maxEventSize: 1048576
      strict: true
      parser: "syslog_rfc5424"
    ```

    Here, we add a second source, syslog_tcp, that receives syslog over TCP on port 1514 and forwards to the same logscale_sink. The optional fields set the bind address and maximum event size, enable strict event validation and select the parser.

  6. Static fields for the TCP source

    ```yaml
    transforms:
      - type: static_fields
        fields:
          source_type: "syslog_tcp"
          environment: "${ENV}"
    ```

    Here, we add the same static fields under the syslog_tcp source, with source_type set to syslog_tcp so that UDP and TCP events can be told apart in LogScale.

  7. Event Result set.
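To verify that the two sources above actually receive events, here is an added Python test sender; it is not part of this page or of the LogScale Collector. It builds an RFC 5424 message for the syslog_rfc5424 parser, preflights the maxEventSize limit and the header shape that a source with strict: true needs, and sends over UDP (port 514) or newline-framed TCP (port 1514). The newline framing on TCP, the 127.0.0.1 collector address and the sample event are assumptions made here.

```python
import re
import socket
from datetime import datetime, timezone

# Values taken from the collector config above; everything else is constructed here.
MAX_EVENT_SIZE = 1048576        # maxEventSize on both sources
UDP_PORT, TCP_PORT = 514, 1514  # syslog_udp / syslog_tcp ports

# Minimal RFC 5424 shape: PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
_RFC5424 = re.compile(r"^<\d{1,3}>1 \S+ \S+ \S+ \S+ \S+ (?:-|\[.*?\])(?: .*)?$", re.DOTALL)

def build_rfc5424(facility, severity, host, app, msg, procid="-", msgid="-", ts=None):
    """Build one RFC 5424 event (bytes) in the form the syslog_rfc5424 parser expects."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity  # PRI encoding from RFC 5424 section 6.2.1
    ts = ts or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # "-" is the NILVALUE; no STRUCTURED-DATA is attached, hence the lone "-" before MSG.
    return f"<{pri}>1 {ts} {host} {app} {procid} {msgid} - {msg}".encode("utf-8")

def check_event(data):
    """Preflight what the config implies: the size limit, and the header a strict source needs."""
    if len(data) > MAX_EVENT_SIZE:
        return False, f"{len(data)} bytes exceeds maxEventSize {MAX_EVENT_SIZE}"
    if not _RFC5424.match(data.decode("utf-8", errors="replace")):
        return False, "not RFC 5424; a source with strict: true would reject it"
    return True, "ok"

def frame_tcp(data):
    """Non-transparent framing (RFC 6587 section 3.4.2): one event per line. Assumed accepted by the TCP source."""
    return data.replace(b"\n", b" ") + b"\n"

def send(data, collector="127.0.0.1", use_tcp=False):
    """Send one event. UDP is fire-and-forget (no delivery guarantee); TCP is newline framed."""
    ok, why = check_event(data)
    if not ok:
        raise ValueError(why)
    if use_tcp:
        with socket.create_connection((collector, TCP_PORT), timeout=5) as s:
            s.sendall(frame_tcp(data))
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (collector, UDP_PORT))

if __name__ == "__main__":  # constructed sample event: facility 4 (auth), severity 6 (info)
    event = build_rfc5424(4, 6, "auth01", "sshd", "Accepted publickey for alice", procid="2231")
    send(event)                # syslog_udp on 514
    send(event, use_tcp=True)  # syslog_tcp on 1514
```

Run it on the host where the collector is listening; the event should appear in LogScale with source_type set to syslog_udp and then syslog_tcp.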

Summary and Results

This example sets up a LogScale collector pipeline with syslog UDP and TCP sources, a disk-based queue and a token-authenticated sink. Optional fields enhance performance, reliability, and parsing behaviour.