Sending and Filtering Logs to Syslog Server

kleioemre · February 26, 2025, 2:47pm

Hi,
I'm trying send logs to syslog server using output plugin but couldn't get any success. I want to send only certain pod logs and add the labels. Is this config accurate?

output {
  if [kubernetes][pod][name] =~ /^prod/  {
    syslog {
       host => "syslog server"
       port => 514
       protocol => "tcp"
       rfc => "rfc5424"
	   message => "Pod: %{[kubernetes][pod][name]}, Container: %{[kubernetes][container][name]}, Node: %{[kubernetes][node][name]}, Message: %{message}"
		}
	}
}

Badger · February 26, 2025, 3:54pm

It looks reasonable. What isn't working? What appears in the logstash logs?

Rios · February 26, 2025, 4:41pm

Also check the value [kubernetes][pod][name], does it start with "prod"

Topic		Replies	Views
Logstash-output-syslog never writes anything to local syslog on REL8 in podman with podman-compose Logstash docker	6	662	January 18, 2023
Syslog output plugin log format is not proper Logstash	2	566	March 31, 2017
Logstash - Syslog input and output Logstash	1	402	February 27, 2018
Syslog output plugin to slow syslog server is causing delays for our whole pipeline. Better way to set this up? Logstash	1	479	December 4, 2018
Sending logs to syslog using logstash Logstash	17	1014	July 7, 2023

Sending and Filtering Logs to Syslog Server

Related topics