The address to listen for connections on, or systemd#N to use the Nth socket passed by systemd socket activation. If an address is used it must include a port.
Unix file mode bits to be applied to the unix socket file
as its designated file permissions.
Note that the file mode value can be specified in any numeric format
supported by your configuration language, but it is most intuitive to use an octal number.
Examples
511
384
508
Relevant when: mode = `unix_datagram` or `unix_stream`
If enabled, certificates must be valid in terms of not being expired, as well as being issued by a trusted
issuer. This verification operates in a hierarchical manner, checking that not only the leaf certificate (the
certificate presented by the client/server) is valid, but also that the issuer of that certificate is valid, and
so on until reaching a root certificate.
Relevant for both incoming and outgoing connections.
Do NOT set this to false unless you understand the risks of not verifying the validity of certificates.
In addition to the defined fields, any Syslog 5424 structured fields are parsed and inserted, namespaced under the name of each structured data section.
Examples
helloworld
appnamerequiredstringliteral
The appname extracted from the Syslog formatted line. If a appname is not found, then the key will not be added.
Examples
app-name
client_metadataoptionalobject
Client TLS metadata.
facilityrequiredstringliteral
The facility extracted from the Syslog line. If a facility is not found, then the key will not be added.
Examples
1
hostrequiredstringliteral
The local hostname, equivalent to the gethostname command.
Examples
my-host.local
hostnamerequiredstringliteral
The hostname extracted from the Syslog line. (host is also this value if it exists in the log.)
Examples
my.host.com
messagerequiredstringliteral
The message extracted from the Syslog line.
Examples
Helloworld
msgidrequiredstringliteral
The msgid extracted from the Syslog line. If a msgid is not found, then the key will not be added.
Examples
ID47
procidrequiredstringliteral
The procid extracted from the Syslog line. If a procid is not found, then the key will not be added.
Examples
8710
severityrequiredstringliteral
The severity extracted from the Syslog line. If a severity is not found, then the key will not be added.
Examples
notice
source_iprequiredstringliteral
The upstream hostname. In the case where mode = "unix" the socket path will be used. (host is also this value if hostname does not exist in the log.)
Examples
127.0.0.1
source_typerequiredstringliteral
The name of the source type.
Examples
syslog
timestamprequiredtimestamp
The time extracted from the Syslog formatted line. If parsing fails, then the exact time the event was ingested into Vector is used.
Examples
2020-10-10T17:07:36.452332Z
versionrequireduint
The version extracted from the Syslog line. If a version is not found, then the key will not be added.
The number of raw bytes accepted by this component from source origins.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
container_nameoptional
The name of the container from which the data originated.
fileoptional
The file from which the data originated.
hostoptional
The hostname of the system Vector is running on.
modeoptional
The connection mode used by the component.
peer_addroptional
The IP from which the data originated.
peer_pathoptional
The pathname from which the data originated.
pidoptional
The process ID of the Vector instance.
pod_nameoptional
The name of the pod from which the data originated.
urioptional
The sanitized URI from which the data originated.
component_received_events_total
counter
The number of events accepted by this component either from tagged
origins like file and uri, or cumulatively from other origins.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
container_nameoptional
The name of the container from which the data originated.
fileoptional
The file from which the data originated.
hostoptional
The hostname of the system Vector is running on.
modeoptional
The connection mode used by the component.
peer_addroptional
The IP from which the data originated.
peer_pathoptional
The pathname from which the data originated.
pidoptional
The process ID of the Vector instance.
pod_nameoptional
The name of the pod from which the data originated.
urioptional
The sanitized URI from which the data originated.
component_sent_event_bytes_total
counter
The total number of event bytes emitted by this component.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
hostoptional
The hostname of the system Vector is running on.
outputoptional
The specific output of the component.
pidoptional
The process ID of the Vector instance.
component_sent_events_total
counter
The total number of events emitted by this component.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
hostoptional
The hostname of the system Vector is running on.
outputoptional
The specific output of the component.
pidoptional
The process ID of the Vector instance.
connection_read_errors_total
counter
The total number of errors reading datagram.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
hostoptional
The hostname of the system Vector is running on.
mode
pidoptional
The process ID of the Vector instance.
events_in_total
counter
The number of events accepted by this component either from tagged
origins like file and uri, or cumulatively from other origins.
This metric is deprecated and will be removed in a future version.
Use component_received_events_total instead.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
container_nameoptional
The name of the container from which the data originated.
fileoptional
The file from which the data originated.
hostoptional
The hostname of the system Vector is running on.
modeoptional
The connection mode used by the component.
peer_addroptional
The IP from which the data originated.
peer_pathoptional
The pathname from which the data originated.
pidoptional
The process ID of the Vector instance.
pod_nameoptional
The name of the pod from which the data originated.
urioptional
The sanitized URI from which the data originated.
events_out_total
counter
The total number of events emitted by this component.
This metric is deprecated and will be removed in a future version.
Use component_sent_events_total instead.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
hostoptional
The hostname of the system Vector is running on.
outputoptional
The specific output of the component.
pidoptional
The process ID of the Vector instance.
processed_bytes_total
counter
The number of bytes processed by the component.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
container_nameoptional
The name of the container from which the bytes originate.
fileoptional
The file from which the bytes originate.
hostoptional
The hostname of the system Vector is running on.
modeoptional
The connection mode used by the component.
peer_addroptional
The IP from which the bytes originate.
peer_pathoptional
The pathname from which the bytes originate.
pidoptional
The process ID of the Vector instance.
pod_nameoptional
The name of the pod from which the bytes originate.
{"appname":"non","exampleSDID@32473":{"eventID":"1011","eventSource":"Application","iut":"3"},"facility":"user","host":"my-host.local","hostname":"dynamicwireless.name","message":"Try to override the THX port, maybe it will reboot the neural interface!","msgid":"ID931","procid":"2426","severity":"notice","source_ip":"34.33.222.212","source_type":"syslog","timestamp":"2020-03-13T20:45:38.119Z"}
How it works
Context
By default, the syslog source augments events with helpful
context keys.
Line Delimiters
Each line is read until a new line delimiter, the 0xA byte, is found.
Parsing
Vector makes a best effort to parse the various Syslog formats out in the wild.
This includes RFC 6587, RFC 5424,
RFC 3164, and other common variations (such as the Nginx
Syslog style). It’s unfortunate that the Syslog specification isn’t more
accurately followed, but we hope that Vector insulates you from these deviations.
If parsing fails, Vector will raise an error. If you find this happening often,
we recommend using the socket source combined with
regex parsing to implement your own custom
ingestion and parsing scheme, or syslog parsing and
manually handle any errors. Alternatively, you can open an
issue to request support for your specific format.
State
This component is stateless, meaning its behavior is consistent across each input.
Transport Layer Security (TLS)
Vector uses OpenSSL for TLS protocols. You can
adjust TLS behavior via the tls.* options.
Sign up to receive emails on the latest Vector content and new releases