Chapter 6. Collecting log messages — sources and source drivers

6.1. How sources work
6.2. internal: Collecting internal messages
6.2.1. internal() source options
6.3. file: Collecting messages from text files
6.3.1. Notes on reading kernel messages
6.3.2. file() source options
6.4. wildcard-file: Collecting messages from multiple text files
6.4.1. wildcard-file() source options
6.5. network: Collecting messages using the RFC3164 protocol (network() driver)
6.5.1. network() source options
6.6. nodejs: Receiving JSON messages from Node.js applications
6.6.1. nodejs() source options
6.7. mbox: Converting local e-mail messages to log messages
6.8. osquery: Collect and parse osquery result logs
6.8.1. osquery() source options
6.9. pipe: Collecting messages from named pipes
6.9.1. pipe() source options
6.10. pacct: Collecting process accounting logs on Linux
6.10.1. pacct() options
6.11. program: Receiving messages from external applications
6.11.1. program() source options
6.12. snmptrap: Read Net-SNMP traps
6.12.1. snmptrap() source options
6.13. sun-streams: Collecting messages on Sun Solaris
6.13.1. sun-streams() source options
6.14. syslog: Collecting messages using the IETF syslog protocol (syslog() driver)
6.14.1. syslog() source options
6.15. system: Collecting the system-specific log messages of a platform
6.16. systemd-journal: Collecting messages from the systemd-journal system log storage
6.16.1. systemd-journal() source options
6.17. systemd-syslog: Collecting systemd messages using a socket
6.18. tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
6.18.1. tcp(), tcp6(), udp() and udp6() source options — OBSOLETE
6.19. unix-stream, unix-dgram: Collecting messages from UNIX domain sockets
6.19.1. UNIX credentials and other metadata
6.19.2. unix-stream() and unix-dgram() source options