Syslog source plugin

Syslog is a standard protocol used for message logging and management in Unix and Unix-like systems. It is widely used for system monitoring, debugging, and troubleshooting.

The Syslog source plugin can collect messages through a Unix socket server using UDP or TCP, or over the network using TCP or UDP. It provides a flexible and customizable way to configure your Calyptia Core pipeline to receive, parse, and process Syslog messages.

Configuration parameters

The Syslog source plugin provides these configuration parameters.


PortTCP port used for listening for incoming messages.
ParserSpecify an alternative parser for the message. If Mode is set to tcp or udp then the default parser is syslog-rfc5424 otherwise syslog-rfc3164-local is used. If your syslog messages have fractional seconds, set this value to syslog-rfc5424 instead. If you have a custom parser, use Advanced Settings to designate the parser.
ModeSpecify UDP or TCP.


Buffer Max SizeSpecify the maximum buffer size in KB to receive a JSON message.
Buffer Chunk SizeSets the chunk size for incoming JSON messages. Chunks are stored and managed in the space available by buffer_max_size.

Security and TLS

TLStlsEnable or disable TLS/SSL support.none
TLS Certificate Validationtls.verifyTurn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled.on
TLS Debug Leveltls.debugSet TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose).1
CA Certificate File Pathtls.ca_fileAbsolute path to CA certificate file.none
Certificate File Pathtls.crt_fileAbsolute path to certificate file.none
Private Key File Pathtls.key_fileAbsolute path to private key file.none
Private Key Path Passwordtls.key_passwdOptional password for tls.key_file file.none
TLS SNI Hostname Extensiontls.vhostHostname to be used for TLS SNI extension.none