github.com/honeycombio/honeytail@v1.9.0/parsers/syslog/README.md

github.com/honeycombio/honeytail@v1.9.0/parsers/syslog/README.md (about)

     1  # syslog parser
     2  
     3  Example CLI usage (from honeytail root)
     4  ```
     5  honeytail -p syslog -k $HONEYTAIL_WRITEKEY \
     6    -f /var/log/auth.log \
     7    --dataset 'MY_TEST_DATASET' \
     8    --syslog.mode 'rfc5424'
     9  ```
    10  
    11  ## Log Formatting
    12  
    13  You will need to configure your syslog daemon to use the right format. For example, to use RFC5424 with rsyslog, set the following in your /etc/rsyslog.conf.
    14  
    15  ```
    16  $ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
    17  ```
    18  
    19  __RFC5424__
    20  
    21  [RFC Text](https://www.ietf.org/rfc/rfc5424.txt)
    22  
    23  Example line
    24  
    25  ```
    26  <165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...
    27  ```
    28  
    29  __RFC3164__
    30  
    31  [RFC Text](https://www.ietf.org/rfc/rfc3164.txt)
    32  
    33  Example line
    34  
    35  ```
    36  <34>Oct 11 22:14:15 mymachine su: 'su root' failed for user on /dev/pts/8
    37  ```