syslog-ng documentation

syslog-ng Premium Edition

The syslog-ng Premium Edition 7 Administrator Guide

List of syslog-ng PE parameters

Symbols

$(context-length), Attributes
$(echo), Using template functions
$(indent-multi-line ${MESSAGE}), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix()
$DATE, value-pairs()
$FACILITY, value-pairs(), value-pairs()
$FULLHOST_FROM, FULLHOST_FROM, FULLHOST_FROM
$HOST, value-pairs(), value-pairs()
$HOST_FROM, HOST_FROM, HOST_FROM
$MESSAGE, value-pairs(), value-pairs()
$MSGID, value-pairs()
$PID, value-pairs(), value-pairs()
$PRIORITY, value-pairs(), value-pairs()
$PROGRAM, value-pairs(), value-pairs(), pdbtool
$R_DATE, value-pairs()
$SEQNUM, value-pairs()
$SOURCEIP, value-pairs(), value-pairs()
$TAGS, value-pairs()
$UNIXTIME, Specifying data types in value-pairs
$_, Setting multiple message fields to specific values
${.cisco.facility}, The Cisco Parser
${.cisco.mnemonic}, The Cisco Parser
${.cisco.severity}, The Cisco Parser
${.SDATA.SDID.SDNAME}, SDATA, .SDATA.SDID.SDNAME
${AMPM}, AMPM, HOUR12, C_HOUR12, R_HOUR12, S_HOUR12
${C_DATE}, Date-related macros
${DATE}, Date-related macros, FULLDATE, C_FULLDATE, R_FULLDATE, S_FULLDATE
${DAY}, Formatting messages, filenames, directories, and tablenames
${FULLHOST_FROM}, FULLHOST_FROM, SOURCEIP
${HOST_FROM}, HOST_FROM
${HOST}, Global objects, The syslog-ng PE quick-start guide, file() destination options, Formatting messages, filenames, directories, and tablenames, Using template functions, echo
${HOUR12}, AMPM
${HOUR}, Date-related macros
${ISODATE}, Date-related macros, ISODATE, C_ISODATE, R_ISODATE, S_ISODATE, TZOFFSET, C_TZOFFSET, R_TZOFFSET, S_TZOFFSET
${LEVEL}, LEVEL_NUM, PRIORITY or LEVEL
${MESSAGE}, multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), Combining filters with boolean operators, MESSAGE, substr, pdbtool
${MSGHDR}, Templates and macros, MESSAGE
${MSGONLY}, MESSAGE
${MSG}, Message representation in syslog-ng PE
${PID}, Comparing macro values in filters
${PROGRAM}, file: Storing messages in plain-text files, pdbtool, pdbtool, pdbtool
${RCPTID}, use-rcptid() (DEPRECATED), RCPTID
${R_DATE}, Date-related macros
${SDATA}, SDATA, .SDATA.SDID.SDNAME
${SEQNUM}, SEQNUM, SEQNUM, SEQNUM
${SYSLOGNG_OPTIONS}, Installing syslog-ng using the .run installer, Installing syslog-ng, Installing syslog-ng
${S_DATE}, Date-related macros, Date-related macros
${TAGS}, Tagging messages, TAGS, Description
${TZOFFSET}, TZOFFSET, C_TZOFFSET, R_TZOFFSET, S_TZOFFSET
${WEEKDAY}, overwrite-if-older()
--active-connections, loggen
--caps, syslog-ng
--ctrl-chars or -c, sanitize
--debug, Troubleshooting syslog-ng
--debug-csv, pdbtool
--debug-pattern, pdbtool
--dgram, loggen
--enable-linux-caps, syslog-ng
--enable-spoof-source, How relaying log messages works
--fd-limit, file() destination options
--field, geoip2
--foreground, syslog-ng
--group, syslog-ng
--idle-connections, loggen
--inet, loggen
--interval, loggen, loggen
--invalid-chars <characterlist> or -i <characterlist>, sanitize
--length, hash, hash
--no-caps, syslog-ng, syslog-ng
--no-ctrl-chars or -C, sanitize
--no-framing, loggen
--number, loggen, loggen
--read-file, loggen, loggen
--replacement <replacement-character> or -r <replacement-character>, sanitize
--sdata, loggen
--skip-tokens, loggen
--stderr, syslog-ng-ctl, syslog-ng-ctl, syslog-ng-ctl
--syslog-proto, loggen, loggen
--user, syslog-ng
--verbose, Troubleshooting syslog-ng
--worker-threads, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE
.classifier.<message-class>, tags(), Using parser results in filters and templates
.classifier.class, Using parser results in filters and templates
.classifier.context_id, Using parser results in filters and templates, Correlating log messages using pattern databases, Attributes, Attributes
.classifier.rule_id, Using parser results in filters and templates, Using parser results in filters and templates
.classifier.system, tags(), Using parser results in filters and templates
.classifier_class, Using parser results in filters and templates
.osquery., osquery: Collect and parse osquery result logs
.SDATA.meta, Tagging messages
.snmp., snmptrap: Read Net-SNMP traps
.solaris.msgid, sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform
.USER, Setting multiple message fields to specific values, Setting multiple message fields to specific values
/, sanitize
0, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
00:50:fc:e3:cd:37, @MACADDR@
4096, syslog-ng
59, The XML parser
<action>, Triggering actions for identified messages, Example, Example
<create-context>, Triggering actions for identified messages, Example
<message>, Triggering actions for identified messages, Example, Example
<object-type> (<object-id>);, Defining configuration objects inline
<object-type> {<object-definition>};, Defining configuration objects inline
<pattern>postfix\@ESTRING:.postfix.component:[@</pattern>, Children
<user@example.com>, @EMAIL@
@define allow-config-dups 1, The configuration syntax in detail, Including configuration files, syslog-ng.conf
@DOUBLE@, @FLOAT@
@EMAIL:email:[<]>@, @EMAIL@
@FLOAT@, @DOUBLE@
@module, Loading modules, Loading modules, Loading modules, Loading modules
@PCRE:name:regexp@, @PCRE@
@SET:: @, @SET@
@version, Loading modules, Including configuration files
[user@example.com], @EMAIL@

C

ca-dir(), crl-dir()
catchall, Log path flags, Log path flags, Log path flags
cc(), cc()
cert-file(), key-file(), key-file()
chain-hostnames(), Notes about counting the licensed hosts, Configuring syslog-ng relays, chain-hostnames(), chain-hostnames(), chain-hostnames(), FULLHOST, HOST
channel, Using channels in configuration objects
CHARSETALIASDIR, Installing syslog-ng using the .run installer, Installing syslog-ng using the .run installer
cisco-parser(), The Cisco Parser, prefix()
class-path, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
clear-on-read(), clear-on-read()
client-host, How relaying log messages works, How relaying log messages works, How relaying log messages works
client-hostname-from-the-message, chain-hostnames()
client-hostname-resolved-on-the-relay, chain-hostnames()
client-hostname-resolved-on-the-server, chain-hostnames()
cluster(), Client modes, Elasticsearch destination options, client-mode(), Client modes, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, Elasticsearch2 destination options, client-mode()
cluster_url(), server()
columns(), sql: Storing messages in an SQL database, values()
Common Name, Encrypting log messages with TLS, Encrypting log messages with TLS, Mutual authentication using TLS
concurrent-requests, How syslog-ng PE interacts with Elasticsearch, flush-limit(), How syslog-ng PE interacts with Elasticsearch, flush-limit()
concurrent-requests(), concurrent-requests(), concurrent-requests(), concurrent-requests(), concurrent-requests()
condition, Conditional actions
condition(), Conditional rewrites, Conditional rewrites
condition='$(context-length) >= 5', Attributes
context, Managing complex syslog-ng configurations, Managing complex syslog-ng configurations, Actions and message correlation, Children, Children, Children, aggregate(), aggregate()
context-id, Correlating log messages using pattern databases, Attributes, Attributes, Attributes, Attributes
context-lookup, grep
context-scope, Correlating log messages using pattern databases, Actions and message correlation, Actions and message correlation, Attributes, Attributes, Attributes, Attributes, Children, Attributes, Attributes, Attributes, Attributes
context-timeout, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Actions and message correlation, Actions and message correlation, Attributes, Attributes, Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser
CONTEXT_ID, Hard vs. soft macros
create-dirs(), file: Storing messages in plain-text files, dir-perm(), dir-perm()
credit-card-hash(), Anonymizing credit card numbers
credit-card-mask(), Anonymizing credit card numbers
crit, level() or priority()
crl-dir(), crl-dir()
csv-parser(), Global objects, Junctions and channels, Parsing messages with comma-separated and similar values, Options of CSV parsers

D

database(), sql: Storing messages in an SQL database, Using the sql() driver with an Oracle database, database(), Options add-contextual-data()
DATE, value-pairs(), Date-related macros, Hard vs. soft macros
date-parser(), Parsing dates and timestamps, Options of date-parser() parsers
datetime, Specifying data types in value-pairs
DAY, Date-related macros, Hard vs. soft macros
db-parser(), Using pattern databases, Using pattern databases, Triggering actions for identified messages
debug, level() or priority(), Dropping messages
default-facility(), How sources work, file: Collecting messages from text files, wildcard-file: Collecting messages from multiple text files
default-priority(), How sources work, file: Collecting messages from text files, wildcard-file: Collecting messages from multiple text files
default-selector(), Adding metadata from an external file, Using filters as selector, default-selector(), prefix()
deinit(), Version 7.0.4 - 7.0.5
deinit(self), Methods of the python() parser
delimiters(<delimiter_characters>), delimiters()
destination, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
dir(), Version 7.0.4 - 7.0.5, disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
dir-group(), dir-group()
dir-owner(), dir-owner()
dir-perm(), dir-perm(), dir-perm()
dirname, FILE_NAME, basename
dirname(), Version 7.0.2 - 7.0.3
discarded, Metrics and counters of syslog-ng PE
disk-buf-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Flow-control and multiple destinations, Using disk-based and memory buffering, Size and truncation of queue files
disk-buffer(), Version 7.0.4 - 7.0.5, Using disk-based and memory buffering
dns-cache(), FULLHOST, HOST
dns-cache-hosts(), Using name resolution in syslog-ng
dont-create-tables, flags()
dont-store-legacy-msghdr, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
door(), sun-streams: Collecting messages on Sun Solaris
dot-nv-pairs, value-pairs()
double, Specifying data types in value-pairs
drop-invalid, flags()
drop-message, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
drop-property, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), format-cef-extension, on-error()
dropped, Metrics and counters of syslog-ng PE, Metrics and counters of syslog-ng PE, Log statistics from the internal() source

E

elasticsearch, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, How syslog-ng PE interacts with Elasticsearch, Elasticsearch destination options, client-lib-dir()
elasticsearch(), Relay mode, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher
elasticsearch2, Sending and storing log messages — destinations and destination drivers, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, How syslog-ng PE interacts with Elasticsearch, Elasticsearch2 destination options, syslog-ng.conf
elasticsearch2(), Relay mode, elasticsearch: Sending messages directly to Elasticsearch version 1.x, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
email, @EMAIL@
emerg, level() or priority()
empty-lines, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
encoding(), Message size and encoding, format-cef-extension
err, level() or priority()
error, PRIORITY or LEVEL
escape-none, dialect()
exclude(), Structuring macros, metadata, and other value-pairs, value-pairs()
exclude_tags, exclude-tags
expect-hostname, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
explicit-commits, flags(), flags()
extract-solaris-msgid(), sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform
extract-stray-words-into(), extract-stray-words-into()

F

FACILITY, Hard vs. soft macros
facility, General recommendations
facility(), facility()
FACILITY_NUM, Hard vs. soft macros
fallback, Log path flags, Log path flags, Log path flags, flags()
fallback-to-string, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
file, file: Collecting messages from text files, file: Storing messages in plain-text files, flags(), Using pattern databases, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE
file(), Relay mode, The configuration syntax in detail, file: Collecting messages from text files, Notes on reading kernel messages, file() source options, flags(), wildcard-file: Collecting messages from multiple text files, flags(), flags(), osquery: Collect and parse osquery result logs, pipe: Collecting messages from named pipes, flags(), flags(), flags(), flags(), flags(), file: Storing messages in plain-text files, file() destination options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), mark-mode(), mark-mode(), mark-mode(), flags(), syslog-ng.conf
file-pattern(), wildcard-file: Collecting messages from multiple text files, wildcard-file: Collecting messages from multiple text files
filename(), snmptrap() source options
filter, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
filter(), Conditional rewrites
final, Logging with syslog-ng, Log path flags, Log path flags, Log path flags, Dropping messages
flag(syslog-protocol), Things to consider when forwarding messages between syslog-ng PE hosts
flags(), The configuration syntax in detail, Log paths, Embedded log statements, Replacing message parts, syslog-ng.conf
flags(no-multi-line), flags(), multi-line-mode(), multi-line-prefix(), flags(), multi-line-mode(), multi-line-prefix(), flags(), flags(), multi-line-mode(), multi-line-prefix(), flags(), flags(), flags(), flags(), Macros of syslog-ng PE, MESSAGE, flags()
flags(no-parse), Message representation in syslog-ng PE, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), Macros of syslog-ng PE, MESSAGE, Parsers and segmenting structured messages, flags()
flags(syslog-protocol), Parsing syslog messages
flow-control, Log paths, Embedded log statements, Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control
flush-limit, How syslog-ng PE interacts with Elasticsearch, How syslog-ng PE interacts with Elasticsearch, flush-limit(), flush-limit(), How syslog-ng PE interacts with Elasticsearch, How syslog-ng PE interacts with Elasticsearch, flush-limit(), flush-limit()
flush-limit(), concurrent-requests(), concurrent-requests()
flush-lines(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flags(), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout(), sync() or sync-freq() (DEPRECATED), Multithreading concepts of syslog-ng PE, Handling large message load
flush-timeout(), flags(), Multithreading concepts of syslog-ng PE
flush_lines, Possible causes of losing log messages
follow-freq(), The configuration syntax in detail, Notes on reading kernel messages, Notes on reading kernel messages, follow-freq(), wildcard-file: Collecting messages from multiple text files, follow-freq(), monitor-method(), follow-freq(), follow-freq(), syslog-ng.conf
follow-freq(1), system: Collecting the system-specific log messages of a platform
force-directory_polling(), Limitations of using syslog-ng PE with NFS
foreground, syslog-ng
format(linux-kmsg), system: Collecting the system-specific log messages of a platform
format-cef-extension, format-cef-extension, format-cef-extension
format-json, Specifying data types in value-pairs, value-pairs(), osquery: Collect and parse osquery result logs, format-json, Parsing key=value pairs, The JSON parser, The XML parser, The XML parser
format-json(), Structuring macros, metadata, and other value-pairs, template()
format-welf(), Structuring macros, metadata, and other value-pairs, format-welf
frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), ts-format(), ISODATE, C_ISODATE, R_ISODATE, S_ISODATE, frac-digits()
from(), smtp: Generating SMTP messages (e-mail) from logs, from()
fsync(), fsync()
FULLDATE, Date-related macros, Hard vs. soft macros
FULLHOST, Hard vs. soft macros, Setting multiple message fields to specific values, Setting multiple message fields to specific values
FULLHOST_FROM, Hard vs. soft macros

H

having(), Correlating messages using the grouping-by() parser, having()
hdfs, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), HDFS destination options, client-lib-dir()
hdfs(), Version 7.0.2 - 7.0.3, Supported platforms, Relay mode, kerberos-keytab-file(), kerberos-principal(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
hdfs-append-enabled, hdfs-append-enabled(), hdfs-append-enabled()
hdfs-append-enabled(), Version 7.0.4 - 7.0.5, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
hdfs-file(), Version 7.0.4 - 7.0.5, HDFS destination options, hdfs-file()
hdfs-max-filename-length, hdfs-max-filename-length()
hdfs-option-kerberos-keytab-file(), kerberos-principal()
hdfs-option-kerberos-principal(), kerberos-keytab-file()
hdfs-uri(), HDFS destination options
header(), smtp: Generating SMTP messages (e-mail) from logs, header(), header()
HOST, keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), netmask(), netmask6(), keep-hostname(), keep-hostname(), keep-hostname(), Hard vs. soft macros, Setting multiple message fields to specific values, Setting multiple message fields to specific values, Setting multiple message fields to specific values
host, Using the sql() driver with an Oracle database, Metrics and counters of syslog-ng PE
host(), smtp: Generating SMTP messages (e-mail) from logs, Junctions and channels, Using wildcards, special characters, and regular expressions in filters, Optimizing regular expressions, Parsing syslog messages
host-override(), Version 6 LTS - 7.0
HOST_FROM, Hard vs. soft macros
HOUR, time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), Date-related macros, Hard vs. soft macros, time-zone()
HOUR12, Date-related macros
http, http: Posting messages over HTTP, http: Posting messages over HTTP, http: Posting messages over HTTP, HTTP destination options
http(), Relay mode, http: Posting messages over HTTP, Splunk: Sending log messages to Splunk

I

in-list, inlist()
in-list filter, inlist()
index(), Elasticsearch destination options, Elasticsearch2 destination options
indexes, indexes()
indexes(), indexes()
info, level() or priority()
inherit-environment(), Version 6 LTS - 7.0
inherit-mode, What's new in the syslog-ng pattern database format V5, Children
inherit-mode(), aggregate()
inherit-properties, Triggering actions for identified messages, Actions and message correlation, Actions and message correlation, Actions and message correlation, What's new in the syslog-ng pattern database format V5, Example, Example
init, Methods of the python() parser
init (self, options), Methods of the python() parser
init(), Methods of the python() parser
inject-mode(), Triggering actions for identified messages, inject-mode()
int, Specifying data types in value-pairs
int32, Specifying data types in value-pairs
int64, Specifying data types in value-pairs
internal, internal: Collecting internal messages, Triggering actions for identified messages, inject-mode()
internal(), Logging configuration changes, internal: Collecting internal messages, internal() source options, elasticsearch: Sending messages directly to Elasticsearch version 1.x, on-error(), on-error(), on-error(), elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, on-error(), on-error(), on-error(), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), on-error(), on-error(), on-error(), kafka: Publishing messages to Apache Kafka, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), stats-freq(), on-error(), on-error(), on-error(), Triggering actions for identified messages, Triggering actions for identified messages, Children, inject-mode(), inject-mode(), Monitoring statistics and metrics of syslog-ng, Log statistics from the internal() source
ip-protocol(), ip-protocol(), ip-protocol(), ip-protocol(), ip-protocol()
ISODATE, Date-related macros, Hard vs. soft macros

K

kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, How syslog-ng PE interacts with Apache Kafka, Kafka destination options, client-lib-dir(), properties-file()
kafka(), Relay mode, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
kafka-bootstrap-servers, properties-file()
kafka-bootstrap-servers(), Kafka destination options
keep-alive, keep-alive(), keep-alive(), keep-alive(), keep-alive(), keep-alive()
keep-alive(), program: Sending messages to external applications
keep-hostname(), Configuring syslog-ng relays, How relaying log messages works, How relaying log messages works, use-dns(), use-fqdn(), use-dns(), use-fqdn(), use-fqdn(), chain-hostnames(), dns-cache(), normalize-hostnames(), use-dns(), use-fqdn(), FULLHOST, FULLHOST, FULLHOST, HOST, HOST, HOST
keep-timestamp(), Timezones and daylight saving, keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), Date-related macros
keep-timestamp(no), system: Collecting the system-specific log messages of a platform
kern, file: Collecting messages from text files, wildcard-file: Collecting messages from multiple text files, FACILITY
kernel, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
key(), Structuring macros, metadata, and other value-pairs, value-pairs(), value-pairs(), value-pairs(), mongodb: Storing messages in a MongoDB database, Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser
key-file(), cert-file(), cert-file()
klogd, Notes on reading kernel messages
ksymoops, Notes on reading kernel messages
kv-parser, Options of key=value parsers
kv-parser(), Parsing key=value pairs

L

last-message, Children, Children, aggregate()
LEGACY_MSGHDR, Hard vs. soft macros
LEVEL, Hard vs. soft macros
level(), level() or priority()
LEVEL_NUM, Hard vs. soft macros
license.txt, Installing syslog-ng using the .run installer
literal, Specifying data types in value-pairs
localip(), network: Collecting messages using the RFC3164 protocol (network() driver)
log, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
log-disk-fifo-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
log-fetch-limit(), log-fetch-limit(), log-iw-size(), log-fetch-limit(), log-iw-size(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Multithreading concepts of syslog-ng PE
log-fifo-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Using disk-based and memory buffering, Using disk-based and memory buffering, Enabling memory buffering
log-iw-size(), Version 6 LTS - 7.0, log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Using disk-based and memory buffering, Multithreading concepts of syslog-ng PE
log-msg-size(), Version 7.0.2 - 7.0.3, BSD-syslog or legacy-syslog messages, Message size and encoding, Notes about the configuration syntax, log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), systemd-journal: Collecting messages from the systemd-journal system log storage, log-msg-size(), Using the sql() driver with an Oracle database, Using the sql() driver with a Microsoft SQL database
log-msg-size(2Mb), Notes about the configuration syntax

M

MARK, mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode()
mark(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark() (DEPRECATED), mark-freq()
mark-freq, Actions and message correlation
mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark() (DEPRECATED), mark-freq()
mark-mode(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode()
match, Combining filters with boolean operators
match(), Combining filters with boolean operators, Using wildcards, special characters, and regular expressions in filters, match(), message(), Optimizing regular expressions, Optimizing regular expressions
matched, Metrics and counters of syslog-ng PE
max-connections(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, log-iw-size(), Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Multithreading concepts of syslog-ng PE
max-field-size(), systemd-journal: Collecting messages from the systemd-journal system log storage
max-files(), wildcard-file: Collecting messages from multiple text files, max-files()
mem-buf-length(), Normal and reliable queue files
mem-buf-size(), Flow-control and multiple destinations, Using disk-based and memory buffering
memory_usage, Metrics and counters of syslog-ng PE
MESSAGE, Hard vs. soft macros
message(), match()
MIN, Date-related macros, Hard vs. soft macros
mongodb, mongodb: Storing messages in a MongoDB database
mongodb(), Relay mode, Structuring macros, metadata, and other value-pairs, Specifying data types in value-pairs, value-pairs(), mongodb: Storing messages in a MongoDB database, mongodb() destination options, username() (DEPRECATED), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
monitoring(), Version 7.0 - 7.0.2, stats-freq(), Monitoring statistics and metrics of syslog-ng, The monitoring() source, The monitoring() source, monitoring() source options, monitoring() source options, The monitoring-welf() source
monitoring-welf(), Version 7.0 - 7.0.2, The monitoring() source, The monitoring-welf() source
MONTH, Date-related macros, Hard vs. soft macros
MONTH_ABBREV, Date-related macros, Hard vs. soft macros
MONTH_NAME, Date-related macros, Hard vs. soft macros
MONTH_WEEK, Date-related macros, Hard vs. soft macros
MSEC, Date-related macros
MSG, BSD-syslog or legacy-syslog messages, IETF-syslog messages, match(), message(), Hard vs. soft macros
MSGHDR, match()
MSGID, Hard vs. soft macros
MSGONLY, Hard vs. soft macros
mssql, Using the sql() driver with a Microsoft SQL database, type()
multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-prefix()
multi-line-mode(), Version 6 LTS - 7.0, multi-line-garbage(), multi-line-mode(), multi-line-suffix()
multi-line-mode(indented), multi-line-mode(), system: Collecting the system-specific log messages of a platform
multi-line-mode(prefix-garbage), multi-line-mode()
multi-line-mode(prefix-suffix), multi-line-mode(), The XML parser
multi-line-prefix(), multi-line-garbage(), multi-line-mode(), multi-line-prefix(), multi-line-suffix(), The XML parser
multi-line-suffix(), multi-line-mode(), multi-line-suffix(), The XML parser
myhost, Setting multiple message fields to specific values, Setting multiple message fields to specific values
MYSQL_UNIX_PORT, MySQL-specific interaction methods, host()

N

name, Managing complex syslog-ng configurations, Managing complex syslog-ng configurations, Children
netmask(), host()
netmask6(), netmask6()
network, network: Collecting messages using the RFC3164 protocol (network() driver), network: Sending messages to a remote log server using the RFC3164 protocol (network() driver)
network(), Things to consider when forwarding messages between syslog-ng PE hosts, network: Collecting messages using the RFC3164 protocol (network() driver), network() source options, ip-protocol(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, mark-mode(), network: Sending messages to a remote log server using the RFC3164 protocol (network() driver), network() destination options, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, Managing incoming and outgoing messages with flow-control, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, ts-format(), Secure logging using TLS, Encrypting log messages with TLS, Mutual authentication using TLS, TLS options, Glossary
network(transport(tcp) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(tcp)), Things to consider when forwarding messages between syslog-ng PE hosts, Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(tls) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(tls)), Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(udp) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(udp)), Things to consider when forwarding messages between syslog-ng PE hosts, Things to consider when forwarding messages between syslog-ng PE hosts
no-hostname, flags()
no-multi-line, flags()
no-parse, Notes about counting the licensed hosts, flags()
nobody, Setting multiple message fields to specific values
none, Children, Children, aggregate()
normalize-hostnames(), Version 6 LTS - 7.0, FULLHOST, HOST
notice, level() or priority()
not_matched, Metrics and counters of syslog-ng PE
NULL, MsSQL-specific interaction methods
null(), MsSQL-specific interaction methods, null(), null()
nv-pairs, value-pairs()

P

pad-size(), pad-size()
padding(), padding
pair(), Structuring macros, metadata, and other value-pairs, value-pairs()
pair-separator(), extract-stray-words-into()
Parameters, Typographical conventions
parse(), Methods of the python() parser
parse(self, log_message), Methods of the python() parser
parser, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
pass-unix-credentials(), pass-unix-credentials()
path(), path() (DEPRECATED), servers() (DEPRECATED)
path.home, Client modes, client-mode()
perm(), perm()
persist-name(), persist-name(), persist-name()
persist_only, use-dns(), use-dns(), use-dns(), Using name resolution in syslog-ng
pid, null()
PID, Hard vs. soft macros
pipe, pipe: Collecting messages from named pipes, pipe() source options, pipe: Sending messages to named pipes, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE
pipe(), Relay mode, flags(), pipe: Collecting messages from named pipes, pipe() source options, optional(), mark-mode(), pipe: Sending messages to named pipes, pipe() destination options
poll(), follow-freq(), time-sleep() (DEPRECATED)
port(), tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, Client modes, client-mode(), Client modes, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, client-mode(), smtp: Generating SMTP messages (e-mail) from logs, tcp(), tcp6(), udp(), and udp6() destination options
prefix, The Cisco Parser
prefix(), Parsing key=value pairs, extract-stray-words-into(), The JSON parser, prefix()
prefix(.SDATA.), prefix()
PRI, BSD-syslog or legacy-syslog messages, IETF-syslog messages, Hard vs. soft macros
PRIORITY, Hard vs. soft macros
processed, stats-max-dynamics(), Metrics and counters of syslog-ng PE, Log statistics from the internal() source
program, program: Receiving messages from external applications, program() source options, program: Sending messages to external applications, mark-mode(), Metrics and counters of syslog-ng PE
PROGRAM, Hard vs. soft macros
program(), program: Receiving messages from external applications, inherit-environment(), mark-mode(), program: Sending messages to external applications, program() destination options, Splunk: Sending log messages to Splunk, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, Using wildcards, special characters, and regular expressions in filters, Optimizing regular expressions, External actions
program-override(), Version 6 LTS - 7.0, log-prefix() (DEPRECATED)
properties-file, How syslog-ng PE interacts with Apache Kafka
proto-template, ts-format()
p_apache_parser, Using channels in configuration objects

R

RCPTID, Hard vs. soft macros
read-old-records(), Version 7.0.4 - 7.0.5
recursive, recursive()
recv-time-zone(), Timezones and daylight saving, A note on timezones and timestamps
rekey(), value-pairs()
relay-hostname-resolved-on-the-server, chain-hostnames()
reliable(), disk-buffer(), Using disk-based and memory buffering
reply-to(), reply-to()
resource(), Client modes, Elasticsearch destination options, client-mode(), Client modes, Elasticsearch2 destination options, client-mode()
retries, retries()
retries(), How syslog-ng PE interacts with Elasticsearch, flush-limit(), How syslog-ng PE interacts with Elasticsearch, flush-limit(), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), sync-send(), Error handling
rewrite, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
rfc3164, value-pairs()
rfc5424, value-pairs()
riemann(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
root, Reusing configuration blocks, Managing complex syslog-ng configurations
R_UNIXTIME, A note on timezones and timestamps

S

safe-background, syslog-ng
safe-mode(), mongodb: Storing messages in a MongoDB database, safe-mode() (DEPRECATED)
sanitize-utf8, flags()
scope(), Structuring macros, metadata, and other value-pairs, value-pairs(), Correlating messages using the grouping-by() parser
SDATA, Hard vs. soft macros
SEC, Date-related macros, Hard vs. soft macros
selected-macros, value-pairs()
selector(), Options add-contextual-data(), selector()
send-time-zone(), Timezones and daylight saving
sender, Metrics and counters of syslog-ng PE
sender(), from()
SEQNUM, Hard vs. soft macros
server(), Client modes, client-mode(), Client modes, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, client-mode(), server(), mongodb: Storing messages in a MongoDB database
server-hostname, chain-hostnames()
servers(), mongodb: Storing messages in a MongoDB database, path() (DEPRECATED), servers() (DEPRECATED)
set(), Setting message fields to specific values
set-message-macro(), set-message-macro()
silently-drop-message, on-error()
silently-drop-property, on-error()
silently-fallback-to-string, on-error()
smtp, smtp: Generating SMTP messages (e-mail) from logs
smtp(), Relay mode, smtp: Generating SMTP messages (e-mail) from logs, smtp() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
snmptrap, snmptrap: Read Net-SNMP traps
snmptrap(), snmptrap: Read Net-SNMP traps, snmptrap() source options, set-message-macro()
so-rcvbuf(), so-rcvbuf(), transport(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), system: Collecting the system-specific log messages of a platform, Possible causes of losing log messages, Handling large message load
SOCK_DGRAM, How sources work, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, Sending and storing log messages — destinations and destination drivers, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, syslog-ng.conf
SOCK_STREAM, How sources work, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, Sending and storing log messages — destinations and destination drivers, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, syslog-ng.conf
source, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
SOURCE, Hard vs. soft macros
source(), Using embedded log statements
SOURCEIP, Hard vs. soft macros
SO_BROADCAST, so-broadcast()
spoof-source(), How relaying log messages works
sql, sql: Storing messages in an SQL database, Multithreading concepts of syslog-ng PE
sql(), Supported platforms, Relay mode, Installing syslog-ng, Prerequisites to installing syslog-ng PE, Sending and storing log messages — destinations and destination drivers, sql: Storing messages in an SQL database, Using the sql() driver with an Oracle database, sql() destination options, flags(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, syslog-ng.conf
ssl-options, ssl-options()
sslv2, ssl-version()
sslv3, ssl-version()
stamp, stats-max-dynamics(), Metrics and counters of syslog-ng PE
STAMP, ts-format(), Date-related macros, Hard vs. soft macros
stats-freq(), stats-max-dynamics(), Log statistics from the internal() source
stats-level(), Monitoring statistics and metrics of syslog-ng, Metrics and counters of syslog-ng PE, Availability of statistics, Log statistics from the internal() source, The monitoring() source, The monitoring() source, query(), syslog-ng-ctl
stats-max-dynamics(), stats-max-dynamics()
stdin, program: Sending messages to external applications, program() destination options
store-matches, Replacing message parts
STREAMS, How sources work, sun-streams: Collecting messages on Sun Solaris, syslog-ng.conf
string, Specifying data types in value-pairs
strip-whitespace, flags()
strip-whitespaces, strip-whitespaces
strip-whitespaces(), The XML parser
STRUCTURED-DATA, IETF-syslog messages
subject(), smtp: Generating SMTP messages (e-mail) from logs, subject()
subject_alt_name, Encrypting log messages with TLS, Encrypting log messages with TLS, Mutual authentication using TLS
sun-streams, sun-streams: Collecting messages on Sun Solaris
sun-streams(), sun-streams: Collecting messages on Sun Solaris, sun-streams: Collecting messages on Sun Solaris, sun-streams() source options
supervising syslog-ng, syslog-ng
suppress(), Metrics and counters of syslog-ng PE
suppressed, Metrics and counters of syslog-ng PE
sync-send, sync-send()
syslog, flags(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog: Sending messages to a remote logserver using the IETF-syslog protocol, Parsers and segmenting structured messages, Multithreading concepts of syslog-ng PE
syslog(), Things to consider when forwarding messages between syslog-ng PE hosts, The syslog-ng PE quick-start guide, network: Collecting messages using the RFC3164 protocol (network() driver), ip-protocol(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog() source options, mark-mode(), syslog: Sending messages to a remote logserver using the IETF-syslog protocol, syslog() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, ts-format(), Secure logging using TLS, Encrypting log messages with TLS, Mutual authentication using TLS, TLS options, The XML parser, Glossary
syslog(transport(tcp)), Things to consider when forwarding messages between syslog-ng PE hosts
syslog(transport(tls)), Things to consider when forwarding messages between syslog-ng PE hosts
syslog(transport(udp)), Things to consider when forwarding messages between syslog-ng PE hosts
syslog-ng-relay, How relaying log messages works
syslog-ng-server, How relaying log messages works, How relaying log messages works
syslog-parser, Parsing syslog messages, Options of syslog-parser parsers
syslog-proto, value-pairs()
syslog-protocol, flags(), network: Sending messages to a remote log server using the RFC3164 protocol (network() driver)
syslogd, How sources work, sun-streams: Collecting messages on Sun Solaris, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, template()
system, system: Collecting the system-specific log messages of a platform
system(), sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform
systemd-journal, systemd-journal: Collecting messages from the systemd-journal system log storage
systemd-journal(), Version 7.0.4 - 7.0.5, system: Collecting the system-specific log messages of a platform, systemd-journal: Collecting messages from the systemd-journal system log storage, systemd-journal() source options
systemd-syslog, systemd-syslog: Collecting systemd messages using a socket
systemd-syslog(), systemd-syslog: Collecting systemd messages using a socket
s_apache, Using channels in configuration objects
S_UNIXTIME, A note on timezones and timestamps

T

table, sql: Storing messages in an SQL database
table(), sql: Storing messages in an SQL database
TAG, Hard vs. soft macros
TAGS, Hard vs. soft macros
tags(), Message representation in syslog-ng PE, Tagging messages, tags(), tags(), Using parser results in filters and templates, Using parser results in filters and templates
tcp, flags(), flags(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, syslog: Sending messages to a remote logserver using the IETF-syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE
tcp(), Things to consider when forwarding messages between syslog-ng PE hosts, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
tcp-keepalive-intvl(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-probes(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-time() + tcp-keepalive-intvl() * tcp-keepalive-probes(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp6, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
tcp6(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
TCP_KEEPCNT, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
TCP_KEEPIDLE, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
TCP_KEEPINTVL, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
template, The configuration syntax in detail, syslog-ng.conf
template(), The JSON parser, The XML parser
template-escape(), Templates and macros, Templates and macros
threaded, flags(), Configuring multithreading
threaded(), Multithreading concepts of syslog-ng PE
throttle, Possible causes of losing log messages
Thu, WEEK_DAY_ABBREV, C_WEEK_DAY_ABBREV, R_WEEK_DAY_ABBREV, S_WEEK_DAY_ABBREV
time-reap(), file: Storing messages in plain-text files
time-reopen(), How syslog-ng PE interacts with Elasticsearch, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), Error handling, The way syslog-ng interacts with the database
time-zone(), Timezones and daylight saving, Timezones and daylight saving, Date-related macros
timeout(), Correlating messages using the grouping-by() parser
timestamp(recvd), Parsing dates and timestamps
timezone(), timezone()
tls, flags(), flags(), syslog: Sending messages to a remote logserver using the IETF-syslog protocol
tls(), Encrypting log messages with TLS, Mutual authentication using TLS, Mutual authentication using TLS, TLS options
tlsv1, ssl-version()
tlsv1_0, ssl-version()
tlsv1_1, ssl-version()
tlsv1_2, ssl-version()
to(), smtp: Generating SMTP messages (e-mail) from logs, to()
topic(), Kafka destination options
transport(tls), TLS options
trigger, Attributes
trigger(), Correlating messages using the grouping-by() parser
trusted-dn(), trusted-keys(), trusted-keys()
trusted-keys(), trusted-keys()
ts-format(), The HEADER message part, ts-format(), STAMP, R_STAMP, S_STAMP
type(), Elasticsearch destination options, Elasticsearch2 destination options, sql: Storing messages in an SQL database, Using wildcards, special characters, and regular expressions in filters, Using wildcards, special characters, and regular expressions in filters, Replacing message parts, Types and options of regular expressions, pcre
TZ, Date-related macros, Hard vs. soft macros
TZOFFSET, Date-related macros, Hard vs. soft macros

U

udp, ip() or localip(), ip() or localip(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, syslog: Sending messages to a remote logserver using the IETF-syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, Multithreading concepts of syslog-ng PE
udp(), Things to consider when forwarding messages between syslog-ng PE hosts, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options
udp6, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
udp6(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options
ulimit, file() destination options
unicode, pcre
unix-dgram, How sources work, optional(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, optional(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, Possible causes of losing log messages
unix-dgram(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, unix-stream() and unix-dgram() source options, keep-alive(), max-connections(), mark-mode(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode()
unix-stream, How sources work, optional(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, optional(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, Possible causes of losing log messages
unix-stream(), The configuration syntax in detail, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, unix-stream() and unix-dgram() source options, mark-mode(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), syslog-ng.conf
UNIXTIME, Date-related macros, Hard vs. soft macros
unknown, Using parser results in filters and templates
uri(), database() (DEPRECATED), password() (DEPRECATED), path() (DEPRECATED), safe-mode() (DEPRECATED), servers() (DEPRECATED), username() (DEPRECATED)
use-dns(), How relaying log messages works, keep-hostname(), FULLHOST, FULLHOST_FROM, HOST, HOST_FROM, Using name resolution in syslog-ng
use-fqdn(), Version 6 LTS - 7.0, FULLHOST, FULLHOST_FROM, HOST, HOST_FROM
use-rcptid, use-rcptid() (DEPRECATED), RCPTID
use-uniqid(), custom-id(), use-rcptid() (DEPRECATED)
USEC, Date-related macros
user@example.com, @EMAIL@
usertty, usertty: Sending messages to a user terminal — usertty() destination
usertty(), usertty: Sending messages to a user terminal — usertty() destination, Handling large message load

X

xml(), The XML parser
xmllint, The XML parser
xml_parser, The XML parser
xx:xx:xx:..., @LLADDR@