7.8. http: Posting messages over HTTP without Java

Version 3.8 of syslog-ng OSE can directly post log messages to web services using the HTTP protocol, without having to use Java. The current implementation has the following limitations:

  • Only the PUT and the POST methods are supported.

HTTPS connection, as well as password- and certificate-based authentication is supported.

Example 7.20. Client certificate authentication with HTTPS
destination d_https { 
  http(
    [...]
    ca_file("/<path-to-certificate-directory>/ca-crt.pem")
    ca_dir("/<path-to-certificate-directory>/")
    cert_file("/<path-to-certificate-directory>/server-crt.pem")
    key_file("/<path-to-certificate-directory>/server-key.pem")
    [...]
  ); 
};

Declaration: 

destination d_http {
    http(
        url("<web-service-IP-or-hostname>")
        method("<HTTP-method>")
        user_agent("<USER-AGENT-message-value>")
        user("<username>")
        password("<password>")
    );
};
Example 7.21. Sending log data to a web service

The following example defines an http destination.

destination d_http {
  http(
    url("http://127.0.0.1:8000")
    method("PUT")
    user_agent("syslog-ng User Agent")
    user("user")
    password("password")
    headers("HEADER1: header1", "HEADER2: header2")
    body("${ISODATE} ${MESSAGE}")
  );
};

log
    { source(s_file); destination(d_http); flags(flow-control); };

You can also use the http() destination to forward log messages to Splunk using syslog-ng OSE.