Description:

Sends Syslog messages to a given host and port over TCP or UDP. Messages are constructed from the "Message ___" properties of the processor which can use expression language to generate messages from incoming FlowFiles. The properties are used to construct messages of the form: (<PRIORITY>)(VERSION )(TIMESTAMP) (HOSTNAME) (BODY) where version is optional. The constructed messages are checked against regular expressions for RFC5424 and RFC3164 formatted messages. The timestamp can be an RFC5424 timestamp with a format of "yyyy-MM-dd'T'HH:mm:ss.SZ" or "yyyy-MM-dd'T'HH:mm:ss.S+hh:mm", or it can be an RFC3164 timestamp with a format of "MMM d HH:mm:ss". If a message is constructed that does not form a valid Syslog message according to the above description, then it is routed to the invalid relationship. Valid messages are sent to the Syslog server and successes are routed to the success relationship, failures routed to the failure relationship.

Tags:

syslog, put, udp, tcp, logs

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

NameDefault ValueAllowable ValuesDescription
HostnamelocalhostThe ip address or hostname of the Syslog server.
ProtocolUDP
  • TCP
  • UDP
The protocol for Syslog communication, either TCP or UDP.
PortThe port for Syslog communication.
SSL Context ServiceController Service API:
SSLContextService
Implementation:
StandardSSLContextService
The Controller Service to use in order to obtain an SSL Context. If this property is set, syslog messages will be sent over a secure connection.
Idle Connection Expiration5 secondsThe amount of time a connection should be held open without being used before closing the connection.
Send Buffer Size2048 BThe size of each buffer used to send a Syslog message. Adjust this value appropriately based on the expected size of the Syslog messages being produced. Messages larger than this buffer size will still be sent, but will not make use of the buffer pool.
Batch Size25The number of incoming FlowFiles to process in a single execution of this processor.
Character SetUTF-8Specifies which character set of the Syslog messages
Message PriorityThe priority for the Syslog messages, excluding < >.
Supports Expression Language: true
Message VersionThe version for the Syslog messages.
Supports Expression Language: true
Message Timestamp${now():format('MMM d HH:mm:ss')}The timestamp for the Syslog messages. The timestamp can be an RFC5424 timestamp with a format of "yyyy-MM-dd'T'HH:mm:ss.SZ" or "yyyy-MM-dd'T'HH:mm:ss.S+hh:mm", " or it can be an RFC3164 timestamp with a format of "MMM d HH:mm:ss".
Supports Expression Language: true
Message Hostname${hostname(true)}The hostname for the Syslog messages.
Supports Expression Language: true
Message BodyThe body for the Syslog messages.
Supports Expression Language: true

Relationships:

NameDescription
failureFlowFiles that failed to send to Syslog are sent out this relationship.
invalidFlowFiles that do not form a valid Syslog message are sent out this relationship.
successFlowFiles that are sent successfully to Syslog are sent out this relationship.

Reads Attributes:

None specified.

Writes Attributes:

None specified.

See Also:

ListenSyslog, ParseSyslog