The address to listen for connections on, or systemd#N to use the Nth socket passed by systemd socket activation. If an address is used it must include a port.
Unix file mode bits to be applied to the unix socket file
as its designated file permissions.
Note that the file mode value can be specified in any numeric format
supported by your configuration language, but it is most intuitive to use an octal number.
Examples
511
384
508
Relevant when: mode = `unix_datagram` or `unix_stream`
Absolute path to a certificate file used to identify this server, in DER or PEM format (X.509) or PKCS#12, or an in-line certificate in PEM format. If this is set, and is not a PKCS#12 archive, key_file must also be set. This is required if enabled is set to true.
If true, Vector will require a TLS certificate from the connecting host and terminate the connection if the certificate is not valid. If false (the default), Vector will not request a certificate from the client.
In addition to the defined fields, any Syslog 5424 structured fields are parsed and inserted, namespaced under the name of each structured data section.
Examples
helloworld
appnamerequiredstringliteral
The appname extracted from the Syslog formatted line. If a appname is not found, then the key will not be added.
Examples
app-name
facilityrequiredstringliteral
The facility extracted from the Syslog line. If a facility is not found, then the key will not be added.
Examples
1
hostrequiredstringliteral
The local hostname, equivalent to the gethostname command.
Examples
my-host.local
hostnamerequiredstringliteral
The hostname extracted from the Syslog line. (host is also this value if it exists in the log.)
Examples
my.host.com
messagerequiredstringliteral
The message extracted from the Syslog line.
Examples
Helloworld
msgidrequiredstringliteral
The msgid extracted from the Syslog line. If a msgid is not found, then the key will not be added.
Examples
ID47
procidrequiredstringliteral
The procid extracted from the Syslog line. If a procid is not found, then the key will not be added.
Examples
8710
severityrequiredstringliteral
The severity extracted from the Syslog line. If a severity is not found, then the key will not be added.
Examples
notice
source_iprequiredstringliteral
The upstream hostname. In the case where mode = "unix" the socket path will be used. (host is also this value if hostname does not exist in the log.)
Examples
127.0.0.1
timestamprequiredtimestamp
The time extracted from the Syslog formatted line. If parsing fails, then the exact time the event was ingested into Vector is used.
Examples
2020-10-10T17:07:36.452332Z
versionrequireduint
The version extracted from the Syslog line. If a version is not found, then the key will not be added.
The number of raw bytes accepted by this component from source origins.
component_idrequired
The Vector component ID.
component_kindrequired
The Vector component kind.
component_namerequired
Deprecated, use component_id instead. The value is the same as component_id.
component_typerequired
The Vector component type.
container_nameoptional
The name of the container from which the data originated.
fileoptional
The file from which the data originated.
hostoptional
The hostname of the system Vector is running on.
modeoptional
The connection mode used by the component.
peer_addroptional
The IP from which the data originated.
peer_pathoptional
The pathname from which the data originated.
pidoptional
The process ID of the Vector instance.
pod_nameoptional
The name of the pod from which the data originated.
urioptional
The sanitized URI from which the data originated.
component_received_events_total
counter
The number of events accepted by this component either from tagged
origins like file and uri, or cumulatively from other origins.
component_idrequired
The Vector component ID.
component_kindrequired
The Vector component kind.
component_namerequired
Deprecated, use component_id instead. The value is the same as component_id.
component_typerequired
The Vector component type.
container_nameoptional
The name of the container from which the data originated.
fileoptional
The file from which the data originated.
hostoptional
The hostname of the system Vector is running on.
modeoptional
The connection mode used by the component.
peer_addroptional
The IP from which the data originated.
peer_pathoptional
The pathname from which the data originated.
pidoptional
The process ID of the Vector instance.
pod_nameoptional
The name of the pod from which the data originated.
urioptional
The sanitized URI from which the data originated.
component_sent_event_bytes_total
counter
The total number of event bytes emitted by this component.
component_idrequired
The Vector component ID.
component_kindrequired
The Vector component kind.
component_namerequired
Deprecated, use component_id instead. The value is the same as component_id.
component_typerequired
The Vector component type.
hostoptional
The hostname of the system Vector is running on.
outputoptional
The specific output of the component.
pidoptional
The process ID of the Vector instance.
component_sent_events_total
counter
The total number of events emitted by this component.
component_idrequired
The Vector component ID.
component_kindrequired
The Vector component kind.
component_namerequired
Deprecated, use component_id instead. The value is the same as component_id.
component_typerequired
The Vector component type.
hostoptional
The hostname of the system Vector is running on.
outputoptional
The specific output of the component.
pidoptional
The process ID of the Vector instance.
connection_read_errors_total
counter
The total number of errors reading datagram.
component_idrequired
The Vector component ID.
component_kindrequired
The Vector component kind.
component_namerequired
Deprecated, use component_id instead. The value is the same as component_id.
component_typerequired
The Vector component type.
hostoptional
The hostname of the system Vector is running on.
moderequired
pidoptional
The process ID of the Vector instance.
events_in_total
counter
The number of events accepted by this component either from tagged
origins like file and uri, or cumulatively from other origins.
This metric is deprecated and will be removed in a future version.
Use component_received_events_total instead.
component_idrequired
The Vector component ID.
component_kindrequired
The Vector component kind.
component_namerequired
Deprecated, use component_id instead. The value is the same as component_id.
component_typerequired
The Vector component type.
container_nameoptional
The name of the container from which the data originated.
fileoptional
The file from which the data originated.
hostoptional
The hostname of the system Vector is running on.
modeoptional
The connection mode used by the component.
peer_addroptional
The IP from which the data originated.
peer_pathoptional
The pathname from which the data originated.
pidoptional
The process ID of the Vector instance.
pod_nameoptional
The name of the pod from which the data originated.
urioptional
The sanitized URI from which the data originated.
events_out_total
counter
The total number of events emitted by this component.
This metric is deprecated and will be removed in a future version.
Use component_sent_events_total instead.
component_idrequired
The Vector component ID.
component_kindrequired
The Vector component kind.
component_namerequired
Deprecated, use component_id instead. The value is the same as component_id.
component_typerequired
The Vector component type.
hostoptional
The hostname of the system Vector is running on.
outputoptional
The specific output of the component.
pidoptional
The process ID of the Vector instance.
processed_bytes_total
counter
The number of bytes processed by the component.
component_idrequired
The Vector component ID.
component_kindrequired
The Vector component kind.
component_namerequired
Deprecated, use component_id instead. The value is the same as component_id.
component_typerequired
The Vector component type.
container_nameoptional
The name of the container from which the bytes originate.
fileoptional
The file from which the bytes originate.
hostoptional
The hostname of the system Vector is running on.
modeoptional
The connection mode used by the component.
peer_addroptional
The IP from which the bytes originate.
peer_pathoptional
The pathname from which the bytes originate.
pidoptional
The process ID of the Vector instance.
pod_nameoptional
The name of the pod from which the bytes originate.
{"appname":"non","exampleSDID@32473":{"eventID":"1011","eventSource":"Application","iut":"3"},"facility":"user","host":"my-host.local","hostname":"dynamicwireless.name","message":"Try to override the THX port, maybe it will reboot the neural interface!","msgid":"ID931","procid":"2426","severity":"notice","source_ip":"34.33.222.212","timestamp":"2020-03-13T20:45:38.119Z"}
How it works
Context
By default, the syslog source augments events with helpful
context keys.
Line Delimiters
Each line is read until a new line delimiter, the 0xA byte, is found.
Parsing
Vector makes a best effort to parse the various Syslog formats out in the wild.
This includes RFC 6587, RFC 5424,
RFC 3164, and other common variations (such as the Nginx
Syslog style). It’s unfortunate that the Syslog specification isn’t more
accurately followed, but we hope that Vector insulates you from these deviations.
If parsing fails, Vector includes the entire Syslog line in the message
key. If you find this happening often, we recommend using the
socket source combined with
regex parsing to implement your own custom
ingestion and parsing scheme. Alternatively, you can open an
issue to request support for your specific format.
State
This component is stateless, meaning its behavior is consistent across each input.
Transport Layer Security (TLS)
Vector uses OpenSSL for TLS protocols. You can
adjust TLS behavior via the tls.* options.
Sign up to receive emails on the latest Vector content and new releases