ParseSyslog

Description:

Attempts to parse the contents of a Syslog message in accordance with the RFC5424 and RFC3164 formats and adds attributes to the FlowFile for each of the parts of the Syslog message. Note: Be mindful that RFC3164 is informational and a wide range of different implementations are present in the wild. If messages fail parsing, consider using RFC5424 or a generic parsing processor such as ExtractGrok.

Tags:

logs, syslog, attributes, system, event, message

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.

| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Character Set | Character Set | UTF-8 | | Specifies the character set of the Syslog messages |

Relationships:

| Name | Description |
|---|---|
| success | Any FlowFile that is successfully parsed as a Syslog message will be transferred to this Relationship. |
| failure | Any FlowFile that could not be parsed as a Syslog message will be transferred to this Relationship without any attributes being added. |

Reads Attributes:

None specified.

Writes Attributes:

| Name | Description |
|---|---|
| syslog.priority | The priority of the Syslog message. |
| syslog.severity | The severity of the Syslog message derived from the priority. |
| syslog.facility | The facility of the Syslog message derived from the priority. |
| syslog.version | The optional version from the Syslog message. |
| syslog.timestamp | The timestamp of the Syslog message. |
| syslog.hostname | The hostname or IP address of the Syslog message. |
| syslog.sender | The hostname of the Syslog server that sent the message. |
| syslog.body | The body of the Syslog message, everything after the hostname. |
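
The attribute mapping and the success/failure routing described above, as an added Python sketch that is not NiFi's own parser. The regular expressions are a simplified reading of the two RFCs, the sample messages are constructed, and the parse_syslog function, its sender parameter and the strict-decode behaviour are assumptions of this example; the priority split (facility = PRI / 8, severity = PRI mod 8) comes from the RFCs.

```python
import re

# RFC 5424 header: <PRI>VERSION ISO-TIMESTAMP HOSTNAME rest (simplified pattern)
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<timestamp>-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"(?P<hostname>\S{1,255}) (?P<body>.*)$", re.DOTALL)
# RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss HOSTNAME rest, no version field
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) (?P<body>.*)$", re.DOTALL)

# Constructed sample messages: RFC 5424, RFC 3164, and a vendor-style hybrid
SAMPLES = [
    b"<165>1 2024-05-01T12:00:00Z host1.example.com app 1234 ID1 - login ok",
    b"<34>Oct 11 22:14:15 host1 su: 'su root' failed",
    b"<34>2024-05-01T12:00:00Z host1 su: failed",  # ISO timestamp, no version
]

def parse_syslog(raw, charset="UTF-8", sender=None):
    """Return ("success", attributes) or ("failure", {}), mirroring the relationships."""
    try:
        text = raw.decode(charset).rstrip("\r\n")
    except UnicodeDecodeError:  # this example's choice: undecodable input fails
        return "failure", {}
    match = RFC5424.match(text) or RFC3164.match(text)
    if match is None:
        return "failure", {}
    pri = int(match["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return "failure", {}
    attrs = {
        "syslog.priority": str(pri),
        "syslog.severity": str(pri % 8),
        "syslog.facility": str(pri // 8),
        "syslog.timestamp": match["timestamp"],
        "syslog.hostname": match["hostname"],
        "syslog.body": match["body"],
    }
    if match.groupdict().get("version"):  # only present for RFC 5424
        attrs["syslog.version"] = match["version"]
    if sender:  # supplied by the receiving side, not part of the message
        attrs["syslog.sender"] = sender
    return "success", attrs

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_syslog(raw, sender="192.0.2.10"))
```

The third sample shows the kind of RFC3164 variant the description warns about: it matches neither header layout, so it goes to failure with no attributes, and a downstream rule that keys on syslog.severity would never see it unless the failure relationship is also monitored.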

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

None specified.

See Also:

ListenSyslog, PutSyslog