Destinos de Syslog

Utiliza los destinos de syslog de Observability Pipelines para enviar logs a rsyslog o syslog-ng.

Configuración

Configura el destino de rsyslog o syslog-ng y sus variables de entorno cuando configures un pipeline. La siguiente información se configura en la interfaz de usuario de los pipelines.

Configura el destino

The rsyslog and syslog-ng destinations support the RFC5424 format.

The rsyslog and syslog-ng destinations match these log fields to the following Syslog fields:

Log EventSYSLOG FIELDDefault
log[“message”]MESSAGENIL
log[“procid”]PROCIDThe running Worker’s process ID.
log[“appname”]APP-NAMEobservability_pipelines
log[“facility”]FACILITY8 (log_user)
log[“msgid”]MSGIDNIL
log[“severity”]SEVERITYinfo
log[“host”]HOSTNAMENIL
log[“timestamp”]TIMESTAMPCurrent UTC time.

The following destination settings are optional:

  1. Toggle the switch to enable TLS. If you enable TLS, the following certificate and key files are required:
    • Server Certificate Path: The path to the certificate file that has been signed by your Certificate Authority (CA) Root File in DER or PEM (X.509).
    • CA Certificate Path: The path to the certificate file that is your Certificate Authority (CA) Root File in DER or PEM (X.509).
    • Private Key Path: The path to the .key private key file that belongs to your Server Certificate Path in DER or PEM (PKCS#8) format.
  2. Enter the number of seconds to wait before sending TCP keepalive probes on an idle connection.

Configura las variables de entorno

  • The rsyslog or syslog-ng endpoint URL. For example, 127.0.0.1:9997.
    • The Observability Pipelines Worker sends logs to this address and port.
    • Stored as the environment variable: DD_OP_DESTINATION_SYSLOG_ENDPOINT_URL.

Cómo funciona el destino

Procesamiento de eventos por lotes

En los destinos rsyslog y syslog-ng no se procesan eventos por lotes.