syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Premium Edition

Contents

7.5. http: Posting messages over HTTP

Version 7.0.4 of syslog-ng PE can directly post log messages to web services using the HTTP protocol. The current implementation has the following limitations:

  • Only the PUT and the POST methods are supported.

HTTPS connection, as well as password- and certificate-based authentication is supported.

Example 7.13. Client certificate authentication with HTTPS
destination d_https { 
  http(
    [...]
    ca_file("/path-to-cert-dir/ca-crt.pem")
    ca_dir("/path-to-cert-dir/")
    cert_file("/path-to-cert-dir/server-crt.pem")
    key_file("/path-to-certdir/server-key.pem")
    [...]
  ); 
};

Declaration: 

destination d_http {
    http(
        url("<web-service-IP-or-hostname>")
        method("<HTTP-method>")
        user_agent("<USER-AGENT-message-value>")
        user("<username>")
        password("<password>")
    );
};
Example 7.14. Sending log data to a web service

The following example defines an http destination.

destination d_http {
  http(
    url("http://127.0.0.1:8000")
    method("PUT")
    user_agent("syslog-ng User Agent")
    user("user")
    password("password")
    headers("HEADER1: header1", "HEADER2: header2")
    body("${ISODATE} ${MESSAGE}")
  );
};

log
    { source(s_file); destination(d_http); flags(flow-control); };

You can also use the http() destination to forward log messages to Splunk using syslog-ng PE.