Contents Menu Expand Light mode Dark mode Auto light/dark, in light mode Auto light/dark, in dark mode Skip to content
rsyslog documentation
rsyslog documentation
  • Getting Started with rsyslog
    • Installing rsyslog
    • Basic Configuration
    • Understanding the Default Configuration
    • Forwarding Logs
    • Next Steps
  • Configuration
    • Output Modules
      • omamqp1: AMQP 1.0 Messaging Output Module
      • omazureeventhubs: Microsoft Azure Event Hubs Output Module
      • omclickhouse: ClickHouse Output Module
      • omczmq: Output module for ZeroMQ
      • omdtls: Output Module for DTLS Protocol over UDP
      • omelasticsearch: Elasticsearch Output Module
      • omfile: File Output Module
      • omfwd: syslog Forwarding Output Module
      • omhdfs: Hadoop Filesystem Output Module
      • omhiredis: Redis Output Module
      • omhttp: HTTP Output Module
      • omhttpfs: Hadoop HTTPFS Output Module
      • omjournal: Systemd Journal Output
      • omkafka: write to Apache Kafka
      • omlibdbi: Generic Database Output Module
      • ommail: Mail Output Module
      • ommongodb: MongoDB Output Module
      • ommysql: MariaDB/MySQL Database Output Module
      • omoracle: Oracle Database Output Module
      • PostgreSQL Database Output Module (ompgsql)
      • ompipe: Pipe Output Module
      • omprog: Program integration Output module
      • omrabbitmq: RabbitMQ output module
      • omrelp: RELP Output Module
      • omruleset: ruleset output/including module
      • omsendertrack: Sender Tracking Output Module
      • omsnmp: SNMP Trap Output Module
      • omstdout: stdout output module (testbench tool)
      • omudpspoof: UDP spoofing output module
      • omusrmsg: notify users
      • omuxsock: Unix sockets Output Module
      • GuardTime Log Signature Provider (gt)
      • Keyless Signature Infrastructure Provider (ksi)
      • KSI Signature Provider (rsyslog-ksi-ls12)
    • Input Modules
      • im3195: RFC3195 Input Module
      • imbatchreport: Batch report input module
      • imdocker: Docker Input Module
      • imdtls: Input Module for DTLS Protocol over UDP
      • imfile: Text File Input Module
      • imgssapi: GSSAPI Syslog Input Module
        • GSSAPI module support in rsyslog v3
      • Imhiredis: Redis input plugin
      • imhttp: HTTP input module
      • imjournal: Systemd Journal Input Module
      • imkafka: read from Apache Kafka
      • imklog: Kernel Log Input Module
      • imkmsg: /dev/kmsg Log Input Module
      • immark: Mark Message Input Module
      • Impcap: network traffic capture
      • improg: Program integration input module
      • impstats: Generate Periodic Statistics of Internal Counters
      • imptcp: Plain TCP Syslog
      • imrelp: RELP Input Module
      • imsolaris: Solaris Input Module
      • imtcp: TCP Syslog Input Module
      • imtuxedoulog: Tuxedo ULOG input module
      • imudp: UDP Syslog Input Module
      • imuxsock: Unix Socket Input Module
    • Parser Modules
      • pmciscoios
      • pmdb2diag: DB2 Diag file parser module
      • pmlastmsg: last message repeated n times
      • Log Message Normalization Parser Module (pmnormalize)
      • pmnull: Syslog Null Parser Module
      • pmrfc3164: Parse RFC3164-formatted messages
      • pmrfc3164sd: Parse RFC5424 structured data inside RFC3164 messages
      • pmrfc5424: Parse RFC5424-formatted messages
    • Message Modification Modules
      • AI-based classification (mmaitag)
      • IP Address Anonymization Module (mmanon)
      • mmcount
      • Darwin connector (mmdarwin)
      • MaxMind/GeoIP DB lookup (mmdblookup)
      • Support module for external message modification modules
      • Fields Extraction Module (mmfields)
      • JSON/CEE Structured Content Extraction Module (mmjsonparse)
      • Kubernetes Metadata Module (mmkubernetes)
      • Log Message Normalization Module (mmnormalize)
      • RFC5424 structured data parsing module (mmpstrucdata)
      • mmrfc5424addhmac
      • mmrm1stspace: First Space Modification Module
      • Number generator and counter module (mmsequence)
      • mmsnmptrapd message modification module
      • mmtaghostname: message modification module
      • Fix invalid UTF-8 Sequences (mmutf8fix)
    • String Generator Modules
    • Library Modules
    • Basic Structure
    • Templates
    • rsyslog Properties
    • The Property Replacer
      • Property Replacer nomatch mode
    • Filter Conditions
    • RainerScript
      • Data Types
      • Expressions
      • Functions
        • Built-in Functions
          • cnum()
          • cstr()
          • dyn_inc()
          • exec_template()
          • exists()
          • field()
          • format_time()
          • get_property()
          • getenv()
          • int2hex()
          • num2ipv4() / ipv42num()
          • is_time()
          • lookup()
          • parse_json()
          • parse_time()
          • percentile_observe()
          • previous_action_suspended()
          • prifilt()
          • random()
          • re_extract()
          • re_extract_i()
          • re_match()
          • re_match_i()
          • replace()
          • script_error()
          • strlen()
          • substring()
          • tolower()
          • ltrim() / rtrim()
          • wrap()
        • Module Functions
          • Faup
          • HashXX
          • HashXXmod
          • HTTP-Request
          • Unflatten
      • Control Structures
      • configuration objects
      • String Constants
      • Variable (Property) types
      • Lookup Tables
      • General Queue Parameters
      • The rsyslog “call” statement
      • The rsyslog “call_indirect” statement
      • global() configuration object
      • The rsyslog include() object
    • Actions
    • Input
    • Parser
    • timezone
    • Examples
    • Legacy Configuration Directives
      • Configuration Parameter Types
      • Legacy Global Configuration Statements
        • $AbortOnUncleanConfig
        • $DebugPrintCFSyslineHandlerList
        • $DebugPrintModuleList
        • $DebugPrintTemplateList
        • $FailOnChownFailure
        • $GenerateConfigGraph
        • $IncludeConfig
        • $MainMsgQueueSize
        • $MaxOpenFiles
        • $ModDir
        • $ModLoad
        • $UMASK
        • $ResetConfigVariables
      • Legacy Directives affecting Input Modules
        • $AllowedSender
        • $DropMsgsWithMaliciousDnsPTRRecords
        • $ControlCharacterEscapePrefix
        • $DropTrailingLFOnReception
        • $Escape8BitCharactersOnReceive
        • $EscapeControlCharactersOnReceive
        • $MarkMessagePeriod
      • Depricated Legacy Action-Specific Configuration Statements
        • How to Convert Deprecated $ActionExecOnlyWhenPreviousIsSuspended to Modern Style
        • How to Convert Deprecated $ActionResumeInterval to Modern Style
        • $RepeatedMsgReduction
        • $omfileForceChown
        • $DirGroup
        • How to Convert Deprecated $DirOwner to Modern Style
        • $DynaFileCacheSize
        • $FileCreateMode
        • $FileGroup
        • $FileOwner
        • $GssForwardServiceName
        • $GssMode
      • Ruleset-Specific Legacy Configuration Statements
        • $RulesetCreateMainQueue
        • $RulesetParser
    • rsyslog statistic counter
    • Modules
      • Where are the modules integrated into the Message Flow?
    • Output Channels
    • Dropping privileges in rsyslog
    • Notes on IPv6 Handling in Rsyslog
    • libgcrypt Log Crypto Provider (gcry)
    • libossl Log Crypto Provider (ossl)
    • Dynamic Stats
    • Lookup Tables
    • Percentile Stats
    • Converting older formats to advanced
    • Configuration Formats
    • sysklogd format
  • FAQ
    • FAQ: some general topics often asked
    • What is the difference between the main_queue and a queue with a ruleset tied to an input?
    • FAQ: Encrypting MySQL Traffic with ommysql Plugin
    • FAQ: Troubleshooting UDP Packet Loss
    • Common Configuration Mistakes and Misunderstandings
  • Tutorials
    • Encrypting Syslog Traffic with TLS (SSL)
      • Sample Use Case: Single Central Log Server
      • Setting up the CA
      • Generating the machine certificate
      • Setting up the Central Server
      • Setting up a client
      • Setting up the UDP syslog relay
      • Error Messages
      • Creating certificates with a script
    • Encrypting Syslog Traffic with TLS (SSL) [short version]
    • Writing syslog messages to MariaDB, MySQL, PostgreSQL or any other supported Database
    • Handling a massive syslog database insert rate with Rsyslog
    • Reliable Forwarding of syslog Messages with Rsyslog
    • Recording the Priority of Syslog Messages
    • Failover Syslog Server
    • Log rotation with rsyslog
    • GELF forwarding in rsyslog
    • Log Sampling
    • Random sampling
    • Hash-based Sampling
  • Troubleshooting
    • Output File is not Being Written
    • Troubleshooting SELinux-Related Issues
    • Rsyslog Debug Support
    • troubleshooting problems
    • How to create a debug log
  • Concepts
    • Understanding rsyslog Queues
    • The Janitor Process
    • Message parsers in rsyslog
    • Multiple Rulesets in rsyslog
    • NetStream Drivers
      • ptcp Network Stream Driver
      • gtls Network Stream Driver
      • Supported Driver Modes
      • Supported Authentication Modes
      • CheckExtendedKeyPurpose
      • PrioritizeSAN
      • openssl Network Stream Driver
  • Development
    • The rsyslog config data model
    • Objects
    • Debugging
    • rsyslog code style
    • Writing Rsyslog Output Plugins
    • The rsyslog queue object
    • writing rsyslog tests
    • Documentation Style Guide
    • Generic design of a syslogd
    • Internal tooling
  • Reference
    • rsyslog and containers
      • Container-Features
      • docker specifics
    • Installation
      • Installing rsyslog from Package
      • Using Rsyslog Docker Containers
      • Installing rsyslog from Source
      • Installing rsyslog from the source repository
    • Historical Documents
      • Using php-syslog-ng with rsyslog
      • Legacy Format Samples for Multiple Rulesets
      • Developing rsyslog modules (outdated)
      • Receiving massive amounts of messages with high performance
      • Compatibility Notes for rsyslog v8
      • Compatibility Notes for rsyslog v7
      • Compatibility Notes for rsyslog v6
      • Compatibility Notes for rsyslog v5
      • Compatibility Notes for rsyslog v4
      • Compatibility Notes for rsyslog v3
    • RSyslog - History
    • Licensing
    • How you can Help
    • Community Resources
    • RSyslog - Features
    • Proposals
      • Version Naming
    • Rsyslog Whitepapers
      • syslog parsing in rsyslog
      • syslog-protocol support in rsyslog
      • Turning Lanes and Rsyslog Queues
      • Preserving syslog sender over NAT
      • How reliable should reliable logging be?
Back to top
View this page

Reference¶

  • rsyslog and containers
  • Installation
  • Historical Documents
  • RSyslog - History
  • Licensing
  • How you can Help
  • Community Resources
  • RSyslog - Features
  • Proposals
  • Rsyslog Whitepapers

Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project

Contributing: Source & docs: rsyslog source project

© 2008–2025 Rainer Gerhards and others. Licensed under the Apache License 2.0.

Next
rsyslog and containers
Previous
Internal tooling
Made with Furo