Syslog

    The plugin supports the following configuration parameters:

    • When using Syslog input plugin, Fluent Bit requires access to the parsers.conf file, the path to this file can be specified with the option -R or through the Parsers_File key on the [SERVER] section (more details below).
    • When udp or unix_udp is used, the buffer size to receive messages is configurable only through the Buffer_Chunk_Size option which defaults to 32kb.

    In order to receive Syslog messages, you can run the plugin from the command line or through the configuration file:

    Command Line

    From the command line you can let Fluent Bit listen for Forward messages with the following options:

    By default the service will create and listen for Syslog messages on the unix socket /tmp/in_syslog

    2.     Flush               1
    3.     Log_Level           info
    4.     Parsers_File        parsers.conf
    6.     Name                syslog
    7.     Path                /tmp/in_syslog
    8.     Buffer_Chunk_Size   32
    9.     Buffer_Max_Size     64
    11. [OUTPUT]
    12.     Name   stdout
    13.     Match  *

    Testing

    Once Fluent Bit is running, you can send some messages using the logger tool:

    1. $ logger -u /tmp/in_syslog my_ident my_message

    In Fluent Bit we should see the following output:

    The following content aims to provide configuration examples for different use cases to integrate Fluent Bit and make it listen for Syslog messages from your systems.

    Fluent Bit Configuration

    Put the following content in your fluent-bit.conf file:

    1. [SERVICE]
    3.     Parsers_File parsers.conf
    5. [INPUT]
    6.     Name     syslog
    7.     Parser   syslog-rfc3164
    8.     Listen   0.0.0.0
    9.     Port     5140
    10.     Mode     tcp
    12.     Name     stdout
    13.     Match    *

    RSyslog Configuration

    Add a new file to your rsyslog config rules called 60-fluent-bit.conf inside the directory /etc/rsyslog.d/ and add the following content:

    1. action(type="omfwd" Target="127.0.0.1" Port="5140" Protocol="tcp")

    then make sure to restart your rsyslog daemon:

    Rsyslog to Fluent Bit: Unix socket mode over UDP

    Fluent Bit Configuration

    Put the following content in your fluent-bit.conf file:

    1. [SERVICE]
    2.     Flush        1
    5. [INPUT]
    6.     Name      syslog
    7.     Parser    syslog-rfc3164
    8.     Path      /tmp/fluent-bit.sock
    9.     Mode      unix_udp
    10.     Unix_Perm 0644
    12. [OUTPUT]
    13.     Name      stdout
    14.     Match     *

    then start Fluent Bit.

    RSyslog Configuration

    1. $ModLoad omuxsock
    2. $OMUxSockSocket /tmp/fluent-bit.sock
    3. *.* :omuxsock:

    Make sure that the socket file is readable by rsyslog (tweak the Unix_Perm option shown above).