Index

Symbols

$(context-length), Attributes
$(echo), Using template functions
$(grep), context-lookup
$(indent-multi-line ${MESSAGE}), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix()
$(list-slice), context-lookup
$DATE, value-pairs()
$FACILITY, value-pairs(), value-pairs()
$FULLHOST_FROM, FULLHOST_FROM, FULLHOST_FROM
$HOST, value-pairs(), value-pairs()
$HOST_FROM, HOST_FROM, HOST_FROM
$MESSAGE, value-pairs(), value-pairs()
$MSGID, value-pairs()
$PID, value-pairs(), value-pairs()
$PRIORITY, value-pairs(), value-pairs()
$PROGRAM, value-pairs(), value-pairs(), pdbtool
$R_DATE, value-pairs()
$SEQNUM, value-pairs()
$SOURCEIP, value-pairs(), value-pairs()
$TAGS, value-pairs()
$UNIXTIME, Specifying data types in value-pairs
$_, Setting multiple message fields to specific values
${.cisco.facility}, The Cisco Parser
${.cisco.mnemonic}, The Cisco Parser
${.cisco.severity}, The Cisco Parser
${.SDATA.SDID.SDNAME}, SDATA, .SDATA.SDID.SDNAME
${.unix.cmdline}, UNIX credentials and other metadata
${.unix.exe}, UNIX credentials and other metadata
${.unix.gid}, UNIX credentials and other metadata
${.unix.pid}, UNIX credentials and other metadata, UNIX credentials and other metadata
${.unix.uid}, UNIX credentials and other metadata
${AMPM}, AMPM, HOUR12, C_HOUR12, R_HOUR12, S_HOUR12
${C_DATE}, Date-related macros
${DATE}, Date-related macros, FULLDATE, C_FULLDATE, R_FULLDATE, S_FULLDATE
${DAY}, Formatting messages, filenames, directories, and tablenames
${FILE_NAME}, wildcard-file: Collecting messages from multiple text files
${FULLHOST_FROM}, Templates and macros, FULLHOST_FROM, SOURCEIP
${FULLHOST}, Templates and macros
${HOST_FROM}, Templates and macros, HOST_FROM
${HOST}, Global objects, The syslog-ng OSE quick-start guide, file() destination options, Formatting messages, filenames, directories, and tablenames, Templates and macros, Using template functions, echo
${HOUR12}, AMPM
${HOUR}, Date-related macros
${ISODATE}, Date-related macros, ISODATE, C_ISODATE, R_ISODATE, S_ISODATE, TZOFFSET, C_TZOFFSET, R_TZOFFSET, S_TZOFFSET
${LEVEL}, LEVEL_NUM, PRIORITY or LEVEL
${MESSAGE}, Message representation in syslog-ng OSE, flags(), multi-line-mode(), multi-line-prefix(), flags(), multi-line-mode(), flags(), multi-line-mode(), multi-line-prefix(), flags(), multi-line-mode(), multi-line-prefix(), flags(), flags(), flags(), multi-line-mode(), multi-line-prefix(), flags(), Combining filters with boolean operators, MESSAGE, substr, flags(), pdbtool
${MSGHDR}, Templates and macros, MESSAGE
${MSGONLY}, MESSAGE
${PID}, Comparing macro values in filters
${PROGRAM}, file: Storing messages in plain-text files, pdbtool, pdbtool, pdbtool
${RCPTID}, use-rcptid(), RCPTID
${R_DATE}, Date-related macros
${SDATA}, SDATA, .SDATA.SDID.SDNAME
${SEQNUM}, SEQNUM, SEQNUM, SEQNUM
${S_DATE}, Date-related macros, Date-related macros
${TAGS}, Tagging messages, TAGS, Description
${TZOFFSET}, TZOFFSET, C_TZOFFSET, R_TZOFFSET, S_TZOFFSET
${WEEKDAY}, overwrite-if-older()
-, loggen, pdbtool, pdbtool
--active-connections, loggen
--caps, syslog-ng
--ctrl-chars or -c, sanitize
--debug, Troubleshooting syslog-ng
--debug-csv, pdbtool
--debug-pattern, pdbtool
--dgram, loggen
--disable-http, Installing syslog-ng
--disable-smtp, Installing syslog-ng
--enable-all-modules, Version 3.6 - 3.7
--enable-geoip, geoip (DEPRECATED), geoip2
--enable-linux-caps, syslog-ng, syslog-ng
--enable-mixed-linking, Installing syslog-ng, Compiling options of syslog-ng OSE
--enable-pacct, pacct: Collecting process accounting logs on Linux
--enable-pcre, Version 3.5 - 3.6
--enable-spoof-source, How relaying log messages works, spoof-source(), spoof-source()
--enable-ssl, hash
--fd-limit, file() destination options
--field, geoip2
--foreground, syslog-ng
--group, syslog-ng
--idle-connections, loggen
--inet, loggen
--interval, loggen, loggen
--invalid-chars <characterlist> or -i <characterlist>, sanitize
--length, hash, hash
--no-caps, syslog-ng, syslog-ng
--no-ctrl-chars or -C, sanitize
--no-framing, loggen
--number, loggen, loggen
--qdisk-dir=, disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
--read-file, loggen, loggen
--replacement <replacement-character> or -r <replacement-character>, sanitize
--sdata, loggen
--sdata [test name=\value\], loggen
--skip-tokens, loggen
--skip-tokens 2, loggen
--stderr, syslog-ng-ctl, syslog-ng-ctl, syslog-ng-ctl
--support=3.0, pdbtool
--syslog-proto, loggen
--user, syslog-ng
--verbose, Troubleshooting syslog-ng
--with-ivykis=system, Compiling options of syslog-ng OSE
--with-libmongo-client=internal, Compiling options of syslog-ng OSE
--with-libmongo-client=system, Compiling options of syslog-ng OSE
--with-librabbitmq-client=system, Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE
--worker-threads, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE
-e, syslog-ng-ctl, syslog-ng-ctl, syslog-ng-ctl
-R -, loggen
.apache., The Apache Access Log Parser
.classifier.<message-class>, tags(), Using parser results in filters and templates
.classifier.class, Using parser results in filters and templates
.classifier.context_id, Using parser results in filters and templates, Correlating log messages using pattern databases, Attributes, Attributes
.classifier.rule_id, Using parser results in filters and templates, Using parser results in filters and templates
.classifier.system, tags(), Using parser results in filters and templates
.classifier_class, Using parser results in filters and templates
.dict.string1, pdbtool
.dict.string2, pdbtool
.nodejs.winston., nodejs: Receiving JSON messages from nodejs applications
.osquery., osquery: Collect and parse osquery result logs
.SDATA.meta, Tagging messages
.snmp., snmptrap: Read Net-SNMP traps
.solaris.msgid, sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform
.TLS.X509_CN, .TLS.X509
.TLS.X509_O, .TLS.X509
.TLS.X509_OU, .TLS.X509
.USER, Setting multiple message fields to specific values, Setting multiple message fields to specific values
/, sanitize
/usr, Installing syslog-ng
0, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), pdbtool
00:50:fc:e3:cd:37, @MACADDR@
1, pdbtool, pdbtool
1061, loggen
4.0, pdbtool
4096, syslog-ng
59, The XML parser
::1, loggen
<action>, Triggering actions for identified messages, Example, Example
<create-context>, Triggering actions for identified messages, Example
<message>, Triggering actions for identified messages, Example, Example
<object-type> (<object-id>);, Defining configuration objects inline
<object-type> {<object-definition>};, Defining configuration objects inline
<pattern>postfix\@ESTRING:.postfix.component:[@</pattern>, Children
<user@example.com>, @EMAIL@, @EMAIL@
@cim, system: Collecting the system-specific log messages of a platform
@define allow-config-dups 1, The syslog-ng OSE configuration file, Including configuration files, syslog-ng.conf
@DOUBLE@, @FLOAT@
@EMAIL:email:[<]>@, @EMAIL@
@ESTRING:: @, pdbtool
@FLOAT@, @DOUBLE@
@module, Loading modules, Loading modules, Loading modules, Loading modules
@module <modulename>, syslog-ng
@PCRE:name:regexp@, @PCRE@
@SET:: @, @SET@
@version, Loading modules, Including configuration files
[user@example.com], @EMAIL@

A

Accepted publickey for myuser from 127.0.0.1 port 59357 ssh2, pdbtool
actions, Triggering actions for identified messages
    conditional actions, Conditional actions
    context-length, Attributes
    external actions, External actions
    message correlation, Actions and message correlation
add-contextual-data(), Adding metadata from an external file, Options add-contextual-data()
adding contextual information, Enriching log messages with external data
AF_UNIX, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, unix-stream() and unix-dgram() source options
aggregate(), Correlating messages using the grouping-by() parser, aggregate(), aggregate(), inject-mode()
alert, level() or priority()
alerting, Triggering actions for identified messages
AMPM, Date-related macros
amqp, amqp: Publishing messages using AMQP
amqp(), Structuring macros, metadata, and other value-pairs, amqp: Publishing messages using AMQP, amqp: Publishing messages using AMQP, amqp: Publishing messages using AMQP, amqp() destination options, amqp() destination options, amqp() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
    compiling, Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE
anonymization, hash, Replacing message parts
anonymizing credit card numbers, Anonymizing credit card numbers
apache, The Apache Access Log Parser
Apache Access Log, The Apache Access Log Parser
apache-accesslog-parser, The Apache Access Log Parser
apache-accesslog-parser(), The Apache Access Log Parser, Options of apache-accesslog-parser() parsers, Options of apache-accesslog-parser() parsers, prefix()
ArcSight Common Event Format, format-cef-extension
artificial ignorance
    message classification, Using pattern parsers
assume-utf8, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
attributes(), attributes()
auditd, The Linux Audit Parser
authentication, Secure logging using TLS, Secure logging using TLS, Encrypting log messages with TLS
    Elasticsearch, http-auth-type(), http-auth-type-basic-password(), http-auth-type-basic-username(), java-keystore-filepath(), java-keystore-password(), java-truststore-filepath(), java-truststore-password()
autoload-compiled-modules, Loading modules

C

ca-dir(), crl-dir(), pkcs12-file()
cacert(), type()
catchall, Log path flags, Log path flags, Log path flags
ca_dir(), ca-dir(), ca-dir()
ca_file(), ca-file()
cc(), cc()
CEF, format-cef-extension
cert(), type()
cert-file(), key-file(), key-file(), type(), type(), type(), key-file(), pkcs12-file()
certificate authentication
    Elasticsearch, java-keystore-filepath(), java-keystore-password(), java-truststore-filepath(), java-truststore-password()
certificates, Secure logging using TLS
cert_file(), cert-file(), cert-file(), cert-file()
chain-hostnames(), Version 3.6 - 3.7, Configuring syslog-ng relays, chain-hostnames(), FULLHOST, HOST
channel, Using channels in configuration objects
channels, Using channels in configuration objects
chroots, Best practices and examples
CIM, system: Collecting the system-specific log messages of a platform
cipher-suite(), cipher-suite(), cipher-suite(), cipher-suite(), cipher-suite()
cisco, The Cisco Parser
Cisco Parser, The Cisco Parser
Cisco sequence number, SEQNUM
Cisco timestamp, SEQNUM
cisco-parser(), The Cisco Parser, The Cisco Parser, The Cisco Parser, prefix()
class-name(), class-name()
class-path, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
class-path(), client-lib-dir(), client-lib-dir(), client-lib-dir(), client-lib-dir(), client-lib-dir()
classifying messages
    concepts of, Classifying log messages
    configuration, Using pattern databases
    creating databases, The syslog-ng pattern database format
    filtering, Using parser results in filters and templates
    pattern matching concepts, How pattern matching works
class_name(), class-name()
client mode, Client mode
client-host, How relaying log messages works, How relaying log messages works, How relaying log messages works
client-hostname-from-the-message, chain-hostnames()
client-hostname-resolved-on-the-relay, chain-hostnames()
client-hostname-resolved-on-the-server, chain-hostnames()
client-lib-dir(), client-lib-dir(), client-lib-dir(), client-lib-dir(), client-lib-dir(), client-lib-dir()
clientcert, http-auth-type()
cluster(), Client modes, Elasticsearch destination options, client-mode(), client-mode(), client-mode(), Client modes, Client modes, Client modes, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, Elasticsearch2 destination options, client-mode(), client-mode(), client-mode()
cluster_url(), client-mode(), client-mode(), client-mode(), client-mode(), cluster-url(), Client modes, Client modes, Client modes, Client modes, client-mode(), client-mode(), client-mode(), client-mode(), cluster-url(), server()
columns(), sql: Storing messages in an SQL database, values()
Common Information Model (CIM), system: Collecting the system-specific log messages of a platform
Common Name, Encrypting log messages with TLS, Encrypting log messages with TLS, Mutual authentication using TLS
comparing values, Comparing macro values in filters
compiling syslog-ng OSE, Installing syslog-ng
concurrent-requests, How syslog-ng OSE interacts with Elasticsearch, flush-limit(), How syslog-ng OSE interacts with Elasticsearch, flush-limit()
concurrent-requests(), concurrent-requests(), concurrent-requests(), concurrent-requests(), concurrent-requests()
condition, Conditional actions
condition(), Conditional rewrites, Conditional rewrites
condition='$(context-length) >= 5', Attributes
conditional rewrites, Conditional rewrites, Conditional rewrites
confgen, Managing complex syslog-ng configurations
configuration file
    default configuration, The syslog-ng OSE quick-start guide, The syslog-ng OSE quick-start guide
    including other files, Including configuration files
configuration files
    dynamic elements, Managing complex syslog-ng configurations
configuration snippets, Reusing configuration blocks
    block arguments, Passing arguments to configuration blocks
    dynamical block arguments, Passing arguments to configuration blocks
context, Managing complex syslog-ng configurations, Managing complex syslog-ng configurations, Actions and message correlation, Children, Children, Children, aggregate()
context of messages, Correlating log messages using pattern databases
context-id, Correlating log messages using pattern databases, Attributes, Attributes, Attributes, Attributes
context-lookup, context-lookup, context-lookup, context-lookup, context-lookup, grep
context-scope, Correlating log messages using pattern databases, Actions and message correlation, Actions and message correlation, Attributes, Attributes, Attributes, Attributes, Children, Attributes, Attributes, Attributes, Attributes, scope()
context-timeout, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Actions and message correlation, Actions and message correlation, Attributes, Attributes, Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser
context-values, context-values
CONTEXT_ID, Hard vs. soft macros
convert value-pairs, map-value-pairs: Rename value-pairs to normalize logs
Coordinated Universal Time, A note on timezones and timestamps
core files, Troubleshooting syslog-ng
correlate messages, Correlating messages using the grouping-by() parser
correlating log messages, Numerical operations, Correlating log messages
correlating messages, Correlating log messages using pattern databases, Correlating messages using the grouping-by() parser
create-dirs(), file: Storing messages in plain-text files, dir-perm(), dir-perm()
creating SDATA fields, Creating custom SDATA fields
credit card numbers
    anonymizing, Anonymizing credit card numbers
    masking, Anonymizing credit card numbers
credit-card-hash(), Anonymizing credit card numbers
credit-card-mask(), Anonymizing credit card numbers
crit, level() or priority()
crl_dir(), crl-dir()
CSV parsers, Options of CSV parsers
csv-parser(), Global objects, Junctions and channels, Parsing messages with comma-separated and similar values, Parsing messages with comma-separated and similar values, Options of CSV parsers, Options of CSV parsers
CSV-values, Parsing messages with comma-separated and similar values
custom python parser, The Python Parser
custom-domain(), Version 3.5 - 3.6

D

data anonymization, Anonymizing credit card numbers
data enrichment, Enriching log messages with external data
    add-contextual-data(), Adding metadata from an external file, Options add-contextual-data()
data types, Specifying data types in value-pairs
database(), sql: Storing messages in an SQL database, Using the sql() driver with an Oracle database, database(), Options add-contextual-data(), database(), database()
DATE, value-pairs(), Date-related macros, Hard vs. soft macros
date, Parsing dates and timestamps, Options of date-parser() parsers
date-parser(), Parsing dates and timestamps, Options of date-parser() parsers
datetime, Specifying data types in value-pairs
DAY, Date-related macros, Hard vs. soft macros
daylight saving changes, Timezones and daylight saving
db-parser(), Using pattern databases, Using pattern databases, Triggering actions for identified messages
debug, level() or priority(), Dropping messages
default-facility(), How sources work, file: Collecting messages from text files, wildcard-file: Collecting messages from multiple text files, default-facility()
default-level(), default-level()
default-priority(), How sources work, file: Collecting messages from text files, wildcard-file: Collecting messages from multiple text files
default-selector(), Adding metadata from an external file, default-selector(), default-selector(), prefix()
default_facility(), default-facility()
default_level(), default-level()
deinit(), Version 3.11 - 3.12, Methods of the python() parser
deinit(self), Methods of the python() parser
deleting syslog-ng OSE, Uninstalling syslog-ng OSE
delimiters(), delimiters()
delimiters(<delimiter_characters>), delimiters()
destination, The syslog-ng OSE configuration file, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
destination drivers, Global objects, Sending and storing log messages — destinations and destination drivers
    amqp() driver, amqp: Publishing messages using AMQP, amqp() destination options
    C, Write your own custom destination in Java or Python
    custom, Write your own custom destination in Java or Python
    database driver, sql: Storing messages in an SQL database, sql() destination options
    elasticsearch, elasticsearch: Sending messages directly to Elasticsearch version 1.x, Elasticsearch destination options
    elasticsearch2, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, Elasticsearch2 destination options
    file() driver, file: Storing messages in plain-text files, file() destination options
    graphite(), graphite: Sending metrics to Graphite
    graphite() driver, graphite() destination options
    hdfs, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), HDFS destination options
    http, Posting messages over HTTP, HTTP destination options, http: Posting messages over HTTP without Java, HTTP destination options
    http() driver, http: Posting messages over HTTP without Java
    Java, Write your own custom destination in Java or Python
    java() driver, elasticsearch: Sending messages directly to Elasticsearch version 1.x, Elasticsearch destination options, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, Elasticsearch2 destination options, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), HDFS destination options, Posting messages over HTTP, HTTP destination options, kafka: Publishing messages to Apache Kafka, Kafka destination options
    kafka, kafka: Publishing messages to Apache Kafka, Kafka destination options
    list of, Sending and storing log messages — destinations and destination drivers, syslog-ng.conf
    loggly(), loggly: Using Loggly
    loggly() driver, loggly() destination options
    logmatic(), logmatic: Using Logmatic.io
    logmatic() driver, logmatic() destination options
    mongodb() driver, mongodb: Storing messages in a MongoDB database, mongodb() destination options
    network() driver, network() destination options
    pipe() driver, pipe: Sending messages to named pipes, pipe() destination options
    program() driver, program: Sending messages to external applications, program() destination options
    pseudofile() driver, pseudofile(), pseudofile() destination options
    Python, Write your own custom destination in Java or Python
    redis() driver, redis: Storing name-value pairs in Redis, redis() destination options
    riemann() driver, riemann: Monitoring your data with Riemann, riemann() destination options
    smtp() driver, smtp: Generating SMTP messages (e-mail) from logs, smtp() destination options
    Splunk, Splunk: Sending log messages to Splunk
    sql() driver, sql: Storing messages in an SQL database, sql() destination options
    stomp() driver, stomp: Publishing messages using STOMP, stomp() destination options
    syslog() driver, syslog: Sending messages to a remote logserver using the IETF-syslog protocol, syslog() destination options
    tcp() driver, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
    tcp6() driver, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
    udp() driver, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
    udp6() driver, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
    unix-dgram() driver, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options
    unix-stream() driver, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options
    usertty() driver, usertty: Sending messages to a user terminal — usertty() destination
destinations, Logging with syslog-ng, Global objects, Sending and storing log messages — destinations and destination drivers, syslog-ng.conf
    amqp(), Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE
    defining, Sending and storing log messages — destinations and destination drivers
    FreeTDS configuration, Installing syslog-ng
    http(), Installing syslog-ng, Compiling options of syslog-ng OSE
    Microsoft SQL Server configuration, Installing syslog-ng
    mongodb(), Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE
    MSSQL configuration, Installing syslog-ng
    redis(), Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE
    riemann(), Compiling options of syslog-ng OSE
    smtp(), Installing syslog-ng
    sql(), Compiling options of syslog-ng OSE
    sql() configuration, sql: Storing messages in an SQL database, Using the sql() driver with an Oracle database, Using the sql() driver with a Microsoft SQL database, null()
DH parameter file, dhparam-file()
dhparam, dhparam-file()
dhparam-file(), What is new in syslog-ng Open Source Edition 3.12?, dhparam-file()
dhparam_file(), dhparam-file()
Diffie-Hellman parameter file, dhparam-file()
dir-group(), dir-group()
dir-owner(), dir-owner()
dir-perm(), dir-perm(), dir-perm()
dirname, FILE_NAME, basename
dirname(), Version 3.9 - 3.10
disable SSL, cipher-suite(), cipher-suite(), ssl-options(), ssl-options()
disable TLS, ssl-options()
disabling SSL, ssl-options()
disabling TLS, ssl-options()
discarding messages, Dropping messages
disk buffer, disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Using disk-based and memory buffering
disk queue (see disk buffer)
disk buffer, Managing incoming and outgoing messages with flow-control
disk-based buffering, disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Using disk-based and memory buffering
disk-buf-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Flow-control and multiple destinations, Using disk-based and memory buffering, Size and truncation of queue files
disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
disk_buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
dns-cache(), FULLHOST, HOST
dns-cache-hosts(), Using name resolution in syslog-ng
dont-create-tables, flags()
dont-store-legacy-msghdr, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
door(), sun-streams: Collecting messages on Sun Solaris
dot-nv-pairs, value-pairs()
double, Specifying data types in value-pairs
download
    pattern databases, Downloading sample pattern databases
drop-invalid, flags(), flags()
drop-message, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
drop-property, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), format-cef-extension, on-error()
drop-unmatched(), Using pattern databases, Using pattern databases
dropped, Statistics of syslog-ng, Statistics of syslog-ng
dropping messages, Dropping messages
dynamic, Installing syslog-ng
dynamic configuration, Managing complex syslog-ng configurations
dynamical block arguments, Passing arguments to configuration blocks

E

ecdh-curve-list(), What is new in syslog-ng Open Source Edition 3.12?, ecdh-curve-list()
elastic2(), Version 3.8 - 3.9, elasticsearch: Sending messages directly to Elasticsearch version 1.x
elasticsearch, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, How syslog-ng OSE interacts with Elasticsearch, Elasticsearch destination options, client-lib-dir()
    performance, concurrent-requests(), flush-limit()
    transferring geoip data, Looking up GeoIP data from IP addresses (DEPRECATED)
    transferring geoip2 data, Transferring your logs to Elasticsearch using GeoIP2
elasticsearch(), elasticsearch: Sending messages directly to Elasticsearch version 1.x
elasticsearch2, Sending and storing log messages — destinations and destination drivers, elasticsearch: Sending messages directly to Elasticsearch version 1.x, client-mode(), client-mode(), elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, How syslog-ng OSE interacts with Elasticsearch, Client modes, Client modes, Elasticsearch2 destination options, client-mode(), client-mode(), syslog-ng.conf
    performance, concurrent-requests(), flush-limit()
elasticsearch2(), Version 3.9 - 3.10, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
email, @EMAIL@
embedded log statements, Embedded log statements
emerg, level() or priority()
empty-lines, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
encoding(), Message size and encoding, format-cef-extension
encrypting log messages, Secure logging using TLS, Encrypting log messages with TLS
enriching data
    add-contextual-data(), Adding metadata from an external file, Options add-contextual-data()
enriching log messages, Enriching log messages with external data
environmental variables, Global and environmental variables
err, level() or priority()
error, PRIORITY or LEVEL
error solving, Troubleshooting syslog-ng
escape-backslash, dialect(), flags()
escape-double-char, dialect(), flags()
escape-none, dialect(), dialect(), flags()
escaping special characters, Regular expressions
exclude(), Structuring macros, metadata, and other value-pairs, value-pairs()
exclude_tags, exclude-tags
expect-hostname, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
explicit-commits, flags(), flags()
extended timestamp format, SEQNUM
extract-prefix, Version 3.5 - 3.6
extract-prefix(), extract-prefix()
extract-solaris-msgid(), Version 3.6 - 3.7, sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform
extract-stray-words-into(), extract-stray-words-into(), extract-stray-words-into()
extract_prefix(), extract-prefix()

F

facilities, The PRI message part, The PRI message part, facility(), General recommendations
FACILITY, Hard vs. soft macros
facility, General recommendations
facility(), facility()
FACILITY_NUM, Hard vs. soft macros
fail-over, High availability support
failover
    in mongodb, mongodb: Storing messages in a MongoDB database
failure script, Troubleshooting syslog-ng
fallback, Log path flags, Log path flags, Log path flags, flags()
fallback-to-string, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
fd limit, file() destination options
file, file: Collecting messages from text files, file: Storing messages in plain-text files, flags(), Using pattern databases, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE
file descriptors, file() destination options
file(), The syslog-ng OSE configuration file, file: Collecting messages from text files, Notes on reading kernel messages, file() source options, flags(), wildcard-file: Collecting messages from multiple text files, flags(), flags(), mbox: Converting local e-mail messages to log messages, osquery: Collect and parse osquery result logs, pipe: Collecting messages from named pipes, flags(), flags(), flags(), flags(), flags(), file: Storing messages in plain-text files, file() destination options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), mark-mode(), mark-mode(), mark-mode(), flags(), syslog-ng.conf
filename(), snmptrap() source options
filename-pattern(), wildcard-file: Collecting messages from multiple text files, wildcard-file: Collecting messages from multiple text files
filter, The syslog-ng OSE configuration file, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
filter functions
list of, Filter functions, syslog-ng.conf
filter(), Conditional rewrites
filtering
.classifier_class, Using parser results in filters and templates
on message class, Using parser results in filters and templates
filtering rewrites, Conditional rewrites, Conditional rewrites
filters, Logging with syslog-ng, Global objects, Filters, Optimizing regular expressions, Handling large message load, syslog-ng.conf
AND, OR, NOT, Combining filters with boolean operators
blacklisting, inlist()
boolean operators, Combining filters with boolean operators
comparing values, Comparing macro values in filters, Comparing macro values in filters
control characters, Using wildcards, special characters, and regular expressions in filters
defining, Using filters
facilities, facility()
facility and priority (level) ranges, level() or priority()
in-list(), inlist()
priorities, level() or priority()
reference, Filter functions
tags, Tagging messages
whitelisting, inlist()
wildcards, Using wildcards, special characters, and regular expressions in filters
final, Logging with syslog-ng, Log path flags, Log path flags, Log path flags, Dropping messages
flag(syslog-protocol), Things to consider when forwarding messages between syslog-ng OSE hosts
flags, Log paths, Log path flags
empty-lines, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
in junctions, Junctions and channels
flags(), The syslog-ng OSE configuration file, Log paths, Embedded log statements, Replacing message parts, flags(), syslog-ng.conf
flags(no-multi-line), flags(), multi-line-mode(), multi-line-prefix(), flags(), multi-line-mode(), flags(), multi-line-mode(), multi-line-prefix(), flags(), multi-line-mode(), multi-line-prefix(), flags(), flags(), flags(), multi-line-mode(), multi-line-prefix(), flags(), Macros of syslog-ng OSE, MESSAGE, flags()
flags(no-parse), Message representation in syslog-ng OSE, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), Macros of syslog-ng OSE, MESSAGE, Parsers and segmenting structured messages, flags()
flags(syslog-protocol), Parsing syslog messages
flow-control, Log paths, Embedded log statements, Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control
example, Configuring flow-control
hard, Managing incoming and outgoing messages with flow-control
multiple destinations, Flow-control and multiple destinations
soft, Managing incoming and outgoing messages with flow-control
flush-limit, How syslog-ng OSE interacts with Elasticsearch, How syslog-ng OSE interacts with Elasticsearch, flush-limit(), flush-limit(), How syslog-ng OSE interacts with Elasticsearch, How syslog-ng OSE interacts with Elasticsearch, flush-limit(), flush-limit()
flush-limit(), concurrent-requests(), concurrent-requests()
flush-lines(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flags(), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout(), sync() or sync-freq() (DEPRECATED), Multithreading concepts of syslog-ng OSE, Handling large message load
flush-timeout(), flags(), Multithreading concepts of syslog-ng OSE
flush_lines, Possible causes of losing log messages
follow-freq(), The syslog-ng OSE configuration file, Notes on reading kernel messages, Notes on reading kernel messages, follow-freq(), follow-freq(), monitor-method(), follow-freq(), follow-freq(), follow-freq(), syslog-ng.conf
follow-freq(1), system: Collecting the system-specific log messages of a platform
foo bar, loggen
foo bar message, loggen
foreground, syslog-ng
format(), format()
format(linux-kmsg), system: Collecting the system-specific log messages of a platform
format-cef-extension, format-cef-extension, format-cef-extension
format-cef-extension(), format-cef-extension
format-cim, Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE
compiling, Compiling options of syslog-ng OSE
format-cim(), format-cim
format-json, Specifying data types in value-pairs, value-pairs(), Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE, osquery: Collect and parse osquery result logs, format-json, format-json, Parsing key=value pairs, The JSON parser, The XML parser, The XML parser, The Apache Access Log Parser, The Linux Audit Parser
compiling, Compiling options of syslog-ng OSE
format-json(), Structuring macros, metadata, and other value-pairs, template()
format-welf(), Structuring macros, metadata, and other value-pairs, format-welf, format-welf
formatting messages, Formatting messages, filenames, directories, and tablenames
formatting multi-line messages, multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix()
frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), ts-format(), ISODATE, C_ISODATE, R_ISODATE, S_ISODATE, frac-digits()
from(), smtp: Generating SMTP messages (e-mail) from logs, from()
fsync(), fsync()
FULLDATE, Date-related macros, Hard vs. soft macros
FULLHOST, Hard vs. soft macros, Setting multiple message fields to specific values, Setting multiple message fields to specific values
FULLHOST_FROM, Hard vs. soft macros

G

generating alerts, Triggering actions for identified messages
geoip, Looking up GeoIP data from IP addresses (DEPRECATED), Options of geoip parsers, Options of geoip parsers
compiling, Compiling options of syslog-ng OSE
elasticsearch, Looking up GeoIP data from IP addresses (DEPRECATED)
geoip2, Compiling options of syslog-ng OSE, Looking up GeoIP2 data from IP addresses, Transferring your logs to Elasticsearch using GeoIP2, Options of geoip2 parsers, Options of geoip2 parsers
elasticsearch, Transferring your logs to Elasticsearch using GeoIP2
geoip2-parser, Compiling options of syslog-ng OSE
glob patterns, filename-pattern(), glob
global objects, Global objects
global options, Configuring global syslog-ng options
reference, Global options
global variables, Global and environmental variables
gmake, Installing syslog-ng
graphite, graphite: Sending metrics to Graphite
graphite(), graphite: Sending metrics to Graphite, graphite: Sending metrics to Graphite, graphite() destination options
graphite-output, Version 3.5 - 3.6, graphite: Sending metrics to Graphite, graphite-output
greedy, Parsing messages with comma-separated and similar values, flags(), flags(), flags(), flags()
greedy(), @ANYSTRING@
grep, grep, Referencing earlier messages of the context, Referencing earlier messages of the context
group(), group(), group()
grouping log messages, Correlating log messages
grouping-by, Correlating log messages, Options of grouping-by parsers
grouping-by(), Correlating log messages using pattern databases, Correlating messages using the grouping-by() parser, Referencing earlier messages of the context, inject-mode()
aggregate(), aggregate()
having(), having()
inject-mode(), inject-mode()
key(), key()
scope(), scope()
timeout(), timeout()
trigger(), trigger()
where(), where()
groupset(), Setting multiple message fields to specific values, Setting multiple message fields to specific values, Setting multiple message fields to specific values
groupunset(), Version 3.8 - 3.9, Unsetting message fields

H

hard macros, Message representation in syslog-ng OSE, Hard vs. soft macros
having(), Correlating messages using the grouping-by() parser, having(), having()
hdfs, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), HDFS destination options, client-lib-dir()
hdfs(), Version 3.9 - 3.10, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), kerberos-keytab-file(), kerberos-principal(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
hdfs-append-enabled, hdfs-append-enabled(), hdfs-append-enabled()
hdfs-append-enabled(), Version 3.11 - 3.12, What is new in syslog-ng Open Source Edition 3.12?, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
hdfs, hdfs-append-enabled()
hdfs-file(), Version 3.11 - 3.12, What is new in syslog-ng Open Source Edition 3.12?, HDFS destination options, hdfs-file()
hdfs-max-filename-length, hdfs-max-filename-length()
hdfs-option-kerberos-keytab-file(), kerberos-principal()
hdfs-option-kerberos-principal(), kerberos-keytab-file()
hdfs-uri(), HDFS destination options
header(), smtp: Generating SMTP messages (e-mail) from logs, header(), header()
HOST, keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), netmask(), netmask6(), keep-hostname(), keep-hostname(), keep-hostname(), Hard vs. soft macros, Setting multiple message fields to specific values, Setting multiple message fields to specific values, Setting multiple message fields to specific values
host, Using the sql() driver with an Oracle database
host(), smtp: Generating SMTP messages (e-mail) from logs, Junctions and channels, Using wildcards, special characters, and regular expressions in filters, Optimizing regular expressions, Parsing syslog messages
HOST_FROM, Hard vs. soft macros
HOUR, time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), Date-related macros, Hard vs. soft macros, time-zone()
HOUR12, Date-related macros
http, Posting messages over HTTP, Posting messages over HTTP, Posting messages over HTTP, HTTP destination options, class-name(), client-lib-dir(), http: Posting messages over HTTP without Java, http: Posting messages over HTTP without Java, http: Posting messages over HTTP without Java, HTTP destination options
http(), Version 3.9 - 3.10, Installing syslog-ng, Compiling options of syslog-ng OSE, http: Posting messages over HTTP without Java, Splunk: Sending log messages to Splunk, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
compiling, Installing syslog-ng, Compiling options of syslog-ng OSE
http-auth-type-basic-password, http-auth-type(), http-auth-type-basic-username()
http-auth-type-basic-username, http-auth-type(), http-auth-type-basic-password()

I

in-list, inlist()
in-list filter, inlist()
indenting multi-line messages, multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix()
index(), Elasticsearch destination options, Elasticsearch2 destination options
indexes, indexes()
indexes(), indexes()
info, level() or priority()
inherit-environment(), Version 3.7 - 3.8
inherit-mode, What's new in the syslog-ng pattern database format V5, Children
inherit-properties, Version 3.6 - 3.7, Triggering actions for identified messages, Actions and message correlation, Actions and message correlation, Actions and message correlation, What's new in the syslog-ng pattern database format V5, Example, Example
init, Methods of the python() parser
init (self, options), Methods of the python() parser
init(), Methods of the python() parser
inject-mode(), Triggering actions for identified messages, inject-mode(), inject-mode()
inotify, monitor-method()
installing syslog-ng, Installing syslog-ng
installing syslog-ng OSE from source, Installing syslog-ng
int, Specifying data types in value-pairs
int32, Specifying data types in value-pairs
int64, Specifying data types in value-pairs
internal, internal: Collecting internal messages, Triggering actions for identified messages, inject-mode()
internal(), internal: Collecting internal messages, internal() source options, elasticsearch: Sending messages directly to Elasticsearch version 1.x, on-error(), on-error(), on-error(), elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, on-error(), on-error(), on-error(), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), on-error(), on-error(), on-error(), kafka: Publishing messages to Apache Kafka, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), Triggering actions for identified messages, Triggering actions for identified messages, Children, inject-mode(), inject-mode(), Statistics of syslog-ng
ip-protocol(), ip-protocol(), ip-protocol(), ip-protocol(), ip-protocol()
IPv6
filtering, netmask6()
ISODATE, Date-related macros, Hard vs. soft macros

K

kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, How syslog-ng OSE interacts with Apache Kafka, Kafka destination options, client-lib-dir(), properties-file()
kafka(), kafka: Publishing messages to Apache Kafka, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
kafka-bootstrap-servers, properties-file()
kafka-bootstrap-servers(), Kafka destination options
keep-alive, keep-alive(), keep-alive(), keep-alive(), keep-alive(), keep-alive()
keep-alive(), program: Sending messages to external applications
keep-hostname(), Configuring syslog-ng relays, How relaying log messages works, How relaying log messages works, use-dns(), use-fqdn(), use-dns(), use-fqdn(), keep-hostname(), use-fqdn(), chain-hostnames(), dns-cache(), normalize-hostnames(), use-dns(), use-fqdn(), Templates and macros, FULLHOST, FULLHOST, FULLHOST, HOST, HOST, HOST
keep-timestamp(), Timezones and daylight saving, keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), Date-related macros
keep-timestamp(no), system: Collecting the system-specific log messages of a platform
keep_alive(), keep-alive()
keep_hostname(), keep-hostname()
kerberos
hdfs, kerberos-keytab-file(), kerberos-principal()
kern, file: Collecting messages from text files, FACILITY
kernel, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
key(), Structuring macros, metadata, and other value-pairs, value-pairs(), value-pairs(), value-pairs(), mongodb: Storing messages in a MongoDB database, type(), Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser, key()
key-file(), cert-file(), cert-file(), type(), type(), type(), cert-file(), pkcs12-file()
key-value pairs, Parsing key=value pairs
key=value pairs, Parsing key=value pairs
key_file(), key-file(), key-file(), key-file()
klogd, Notes on reading kernel messages, Notes on reading kernel messages
kmsg, Notes on reading kernel messages, system: Collecting the system-specific log messages of a platform
ksymoops, Notes on reading kernel messages
kv-parser, Options of key=value parsers
kv-parser(), Parsing key=value pairs

L

last-message, Children, Children, aggregate()
LEGACY_MSGHDR, Hard vs. soft macros
LEVEL, Hard vs. soft macros
level(), level() or priority()
LEVEL_NUM, Hard vs. soft macros
libdbi, Compiling options of syslog-ng OSE
libmaxminddb, Compiling options of syslog-ng OSE
libopenssl, Compiling options of syslog-ng OSE
libpcre, Installing syslog-ng
libsystemd-daemon, Compiling options of syslog-ng OSE
libwrap, Compiling options of syslog-ng OSE
Linux Audit Parser, The Linux Audit Parser
linux-audit-parser(), The Linux Audit Parser, The Linux Audit Parser, Options of linux-audit-parser() parsers, Options of linux-audit-parser() parsers
list-append, List manipulation
list-concat, List manipulation
list-count, List manipulation
list-head, List manipulation
list-nth, List manipulation
list-slice, List manipulation
list-tail, List manipulation
listen-backlog(), listen-backlog(), listen-backlog(), listen-backlog()
literal, Specifying data types in value-pairs
local time, The HEADER message part, The HEADER message part
local-time-zone(), Compiling options of syslog-ng OSE
localip(), network: Collecting messages using the RFC3164 protocol (network() driver)
log, The syslog-ng OSE configuration file, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
log messages, representation, Message representation in syslog-ng OSE
log messages, structure, The structure of a log message
BSD-syslog protocol, BSD-syslog or legacy-syslog messages
IETF-syslog protocol, IETF-syslog messages
legacy-syslog protocol, BSD-syslog or legacy-syslog messages
RFC 3164, BSD-syslog or legacy-syslog messages
RFC 5424, IETF-syslog messages
log normalization, map-value-pairs: Rename value-pairs to normalize logs
log paths, Logging with syslog-ng, Log paths, syslog-ng.conf
defining, Log paths
flags, Log paths, Log path flags
flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control
log pipes
embedded log statements, Embedded log statements
log statements, Global objects
embedded, Embedded log statements
log paths, Logging with syslog-ng, syslog-ng.conf
log statistics, Statistics of syslog-ng
on unix-socket, Statistics of syslog-ng
log-disk-fifo-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Using disk-based and memory buffering, Enabling normal disk-based buffering
log-fetch-limit(), log-fetch-limit(), log-iw-size(), log-fetch-limit(), log-iw-size(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Multithreading concepts of syslog-ng OSE
log-fifo-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Using disk-based and memory buffering, Using disk-based and memory buffering, Enabling memory buffering
log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Using disk-based and memory buffering, Multithreading concepts of syslog-ng OSE
log-msg-size(), Version 3.9 - 3.10, BSD-syslog or legacy-syslog messages, Message size and encoding, Notes about the configuration syntax, log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), systemd-journal: Collecting messages from the systemd-journal system log storage, log-msg-size(), Using the sql() driver with an Oracle database, Using the sql() driver with a Microsoft SQL database
log-msg-size(2Mb), Notes about the configuration syntax
logging procedure, Logging with syslog-ng
loggly, loggly: Using Loggly
loggly(), loggly: Using Loggly, loggly() destination options
logmatic, logmatic: Using Logmatic.io
logmatic(), logmatic: Using Logmatic.io, logmatic() destination options
logrotate, file: Storing messages in plain-text files
losing messages, Possible causes of losing log messages

M

macros, Global objects, Formatting messages, filenames, directories, and tablenames
date-related, Date-related macros
default value, Templates and macros
hard, Message representation in syslog-ng OSE
hard and soft macros, Hard vs. soft macros
in filenames, Templates and macros
patterndb tags, TAGS
read-only, Message representation in syslog-ng OSE
reference, Macros of syslog-ng OSE
rewritable, Message representation in syslog-ng OSE
SDATA, SDATA, .SDATA.SDID.SDNAME
soft, Message representation in syslog-ng OSE
make, Installing syslog-ng
manipulating tags (see modifying tags)
map fields, map-value-pairs: Rename value-pairs to normalize logs
map value-pairs, map-value-pairs: Rename value-pairs to normalize logs
map-value-pairs, map-value-pairs: Rename value-pairs to normalize logs
map-value-pairs(), map-value-pairs: Rename value-pairs to normalize logs
MapR, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
MapR File System, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
MapR-FS, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
MARK, mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode()
mark(), mark-freq(), mark-freq(), mark() (DEPRECATED), mark-freq()
mark-freq, Actions and message correlation
mark-freq(), mark-freq(), mark-freq(), mark() (DEPRECATED), mark-freq()
mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode()
mark_mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode()
match, Combining filters with boolean operators
match(), Combining filters with boolean operators, Using wildcards, special characters, and regular expressions in filters, match(), message(), Optimizing regular expressions, Optimizing regular expressions
max-connections(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, log-iw-size(), Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Multithreading concepts of syslog-ng OSE
max-field-size(), systemd-journal: Collecting messages from the systemd-journal system log storage, max-field-size()
max-files(), wildcard-file: Collecting messages from multiple text files, max-files()
maximal message size, log-msg-size()
max_connections(), max-connections()
max_field_size(), max-field-size()
mbox, mbox: Converting local e-mail messages to log messages
mbox(), mbox: Converting local e-mail messages to log messages, mbox: Converting local e-mail messages to log messages, mbox: Converting local e-mail messages to log messages, mbox: Converting local e-mail messages to log messages
mem-buf-length(), Normal and reliable queue files
mem-buf-size(), Flow-control and multiple destinations, Using disk-based and memory buffering
message, loggen
facilities, The PRI message part, The PRI message part
ID, SEQNUM
statistics, Statistics of syslog-ng
MESSAGE, Hard vs. soft macros
message classification, Using pattern databases, Using parser results in filters and templates, The syslog-ng pattern database format
message context, Correlating log messages using pattern databases
message correlation, Numerical operations, Correlating log messages using pattern databases, Correlating log messages
message counters, Statistics of syslog-ng
message encoding, Message size and encoding
message facilities, facility()
message filtering
using parsers, Using parser results in filters and templates
message loss, Possible causes of losing log messages
message parsing, Parsers and segmenting structured messages, Parsing syslog messages, Using pattern databases, Using parser results in filters and templates
message statistics, Statistics of syslog-ng, Statistics of syslog-ng
message templates, Formatting messages, filenames, directories, and tablenames
message triggers, Triggering actions for identified messages
message(), match()
Microsoft SQL
sql() configuration, Using the sql() driver with a Microsoft SQL database
Microsoft SQL Server configuration, Installing syslog-ng
MIN, Date-related macros, Hard vs. soft macros
modes of operation, Modes of operation
client mode, Client mode
relay mode, Relay mode
server mode, Server mode
modifying SDATA, Creating custom SDATA fields
modifying tags, Adding and deleting tags
modules, Modules in syslog-ng OSE, Loading modules
mongodb, mongodb: Storing messages in a MongoDB database (see type-casting)
failover, mongodb: Storing messages in a MongoDB database
replicasets, mongodb: Storing messages in a MongoDB database
mongodb(), Structuring macros, metadata, and other value-pairs, Specifying data types in value-pairs, value-pairs(), mongodb: Storing messages in a MongoDB database, mongodb: Storing messages in a MongoDB database, mongodb: Storing messages in a MongoDB database, mongodb() destination options, username() (DEPRECATED), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
compiling, Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE
monitoring, osquery: Collect and parse osquery result logs
MONTH, Date-related macros, Hard vs. soft macros
MONTH_ABBREV, Date-related macros, Hard vs. soft macros
MONTH_NAME, Date-related macros, Hard vs. soft macros
MONTH_WEEK, Date-related macros, Hard vs. soft macros
MSEC, Date-related macros
MSG, BSD-syslog or legacy-syslog messages, IETF-syslog messages, match(), message(), Hard vs. soft macros
MSGHDR, match()
MSGID, Hard vs. soft macros
msgid, Solaris, sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform
MSGONLY, Hard vs. soft macros
mssql, Using the sql() driver with a Microsoft SQL database, type()
MSSQL
sql() configuration, Using the sql() driver with a Microsoft SQL database, Using the sql() driver with a Microsoft SQL database
multi-line messages, multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-mode(), multi-line-mode(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix()
multi-line-garbage(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-prefix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-prefix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-prefix()
multi-line-mode, Version 3.5 - 3.6
multi-line-mode(), multi-line-garbage(), multi-line-mode(), multi-line-suffix(), multi-line-mode(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-suffix()
multi-line-mode(indented), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), system: Collecting the system-specific log messages of a platform
multi-line-mode(prefix-garbage), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode()
multi-line-mode(prefix-suffix), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), The XML parser
multi-line-prefix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-mode(), multi-line-mode(), multi-line-suffix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), The XML parser
multi-line-suffix(), multi-line-mode(), multi-line-suffix(), multi-line-mode(), multi-line-suffix(), multi-line-mode(), multi-line-suffix(), multi-line-mode(), multi-line-suffix(), multi-line-mode(), multi-line-suffix(), The XML parser
multiline
indented-multiline, system: Collecting the system-specific log messages of a platform
multiline messages (see multi-line messages)
multithreading in syslog-ng OSE, Multithreading and scaling in syslog-ng OSE
mutual authentication, Secure logging using TLS, Mutual authentication using TLS
myhost, Setting multiple message fields to specific values, Setting multiple message fields to specific values
MYSQL_UNIX_PORT, MySQL-specific interaction methods, host()

N

name, Managing complex syslog-ng configurations, Managing complex syslog-ng configurations, Children
name resolution, General recommendations, Using name resolution in syslog-ng
local, Using name resolution in syslog-ng
NET-SNMP, snmptrap: Read Net-SNMP traps
Net-SNMP, snmptrap() source options
netmask(), host()
netmask6(), netmask6(), netmask6()
network, network: Collecting messages using the RFC3164 protocol (network() driver), network: Sending messages to a remote log server using the RFC3164 protocol (network() driver)
network(), Version 3.6 - 3.7, Things to consider when forwarding messages between syslog-ng OSE hosts, network: Collecting messages using the RFC3164 protocol (network() driver), network() source options, ip-protocol(), nodejs: Receiving JSON messages from nodejs applications, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, ts-format(), mark-mode(), graphite: Sending metrics to Graphite, network: Sending messages to a remote log server using the RFC3164 protocol (network() driver), network() destination options, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, Managing incoming and outgoing messages with flow-control, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, Secure logging using TLS, Encrypting log messages with TLS, Mutual authentication using TLS, TLS options, Glossary
network(transport(tcp) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng OSE hosts
network(transport(tcp)), Things to consider when forwarding messages between syslog-ng OSE hosts, Things to consider when forwarding messages between syslog-ng OSE hosts
network(transport(tls) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng OSE hosts
network(transport(tls)), Things to consider when forwarding messages between syslog-ng OSE hosts
network(transport(udp) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng OSE hosts
network(transport(udp)), Things to consider when forwarding messages between syslog-ng OSE hosts, Things to consider when forwarding messages between syslog-ng OSE hosts
no-hostname, flags()
no-multi-line, flags()
no-parse, flags()
nobody, Setting multiple message fields to specific values
nodejs, nodejs: Receiving JSON messages from nodejs applications
nodejs(), nodejs: Receiving JSON messages from nodejs applications, nodejs: Receiving JSON messages from nodejs applications, nodejs() source options
none, http-auth-type(), Children, Children, aggregate()
normalize logs, map-value-pairs: Rename value-pairs to normalize logs
normalize-hostnames(), normalize-hostnames(), normalize-hostnames(), FULLHOST, HOST
normalize_hostnames(), normalize-hostnames(), normalize-hostnames()
notice, level() or priority()
NULL, MsSQL-specific interaction methods
null(), MsSQL-specific interaction methods, null()
number of open files, file() destination options
nv-pairs, value-pairs()

O

on-error, format-cef-extension
on-error(), on-error()
optimizing regular expressions, Optimizing regular expressions
optimizing syslog-ng performance, Handling large message load
regular expressions, Optimizing regular expressions
options, Global objects, jvm-options()
reference, Global options
options(), Methods of the python() parser
or, Version 3.5 - 3.6
Oracle
sql() configuration, Using the sql() driver with an Oracle database, Using the sql() driver with an Oracle database
ORACLE_BASE, Using the sql() driver with an Oracle database
ORACLE_HOME, Using the sql() driver with an Oracle database
ORACLE_SID, Using the sql() driver with an Oracle database
osquery, osquery: Collect and parse osquery result logs, osquery: Collect and parse osquery result logs, osquery() source options
osquery(), osquery: Collect and parse osquery result logs, osquery: Collect and parse osquery result logs, osquery() source options
other, Statistics of syslog-ng
output buffer, Managing incoming and outgoing messages with flow-control, Configuring flow-control
output queue, Managing incoming and outgoing messages with flow-control, Using disk-based and memory buffering
overflow queue (see output buffer)
output buffer, Managing incoming and outgoing messages with flow-control
overriding facility, How sources work
overriding-original-program-name, Triggering actions for identified messages, Example, Example
overwrite-if-older(), overwrite-if-older()
overwrite_if_older(), overwrite-if-older()
owner(), owner(), owner()

P

pacct, pacct: Collecting process accounting logs on Linux
pacct(), Compiling options of syslog-ng OSE, Passing arguments to configuration blocks, pacct: Collecting process accounting logs on Linux, pacct() options
compiling, Compiling options of syslog-ng OSE
pacctformat, pacct: Collecting process accounting logs on Linux
pad-size(), pad-size()
PADD, loggen
padding, Version 3.5 - 3.6
padding(), padding
pair(), Structuring macros, metadata, and other value-pairs, value-pairs()
pair-separator(), extract-stray-words-into(), pair-separator()
Parameters, Typographical conventions
parameters
disk-buffer(), disk-buffer()
log-disk-fifo-size(), Using disk-based and memory buffering
log-fetch-limit(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
log-fifo-size(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
log-iw-size(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
max-connections(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
parse(), Methods of the python() parser
parse(self, log_message), Methods of the python() parser
parser, The syslog-ng OSE configuration file, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
parsers, Logging with syslog-ng, Global objects, Parsers and segmenting structured messages, Methods of the python() parser, Using pattern databases, Using parser results in filters and templates, syslog-ng.conf
apache-access-log-parser, The Apache Access Log Parser
apache-accesslog-parser, The Apache Access Log Parser
cisco, The Cisco Parser
correlating, Correlating messages using the grouping-by() parser
csv-parser, Parsing messages with comma-separated and similar values
date, Parsing dates and timestamps, Options of date-parser() parsers
geoip, Looking up GeoIP data from IP addresses (DEPRECATED), Options of geoip parsers
geoip2, Looking up GeoIP2 data from IP addresses, Options of geoip2 parsers
grouping-by(), Correlating messages using the grouping-by() parser
json-parser, The JSON parser
kv-parser, Parsing key=value pairs
linux-audit-parser, The Linux Audit Parser
map-value-pairs, map-value-pairs: Rename value-pairs to normalize logs
python, The Python Parser
syslog, Parsing syslog messages
xml-parser, The XML parser
parsing messages, Parsers and segmenting structured messages, Using pattern databases, Using parser results in filters and templates, Using pattern parsers
concepts of, Parsers and segmenting structured messages, Correlating log messages
filtering parsed messages, Using parser results in filters and templates
pass-unix-credentials(), pass-unix-credentials()
password, Version 3.5 - 3.6
path(), path() (DEPRECATED), servers() (DEPRECATED)
path.home, Client modes, client-mode()
pattern database, Using pattern databases, Using parser results in filters and templates, The syslog-ng pattern database format, The syslog-ng pattern database format
concepts of, Classifying log messages
creating parsers, Using pattern parsers
discard unmatched messages, Using pattern databases
pattern matching precedence, How pattern matching works
structure of, The structure of the pattern database
using the results, Using parser results in filters and templates
pattern database schema, The syslog-ng pattern database format
pattern databases
correlating messages, Correlating log messages using pattern databases
pattern matching
procedure of, How pattern matching works
patterndb
download, Downloading sample pattern databases
payload, payload()
payload(), payload()
peer-verify, peer-verify()
peer_verify(), peer-verify()
performance
optimizing multithreading, Optimizing multithreaded performance
using multithreading, Multithreading and scaling in syslog-ng OSE
perm(), perm()
persist-name(), persist-name(), persist-name()
persist_only, use-dns(), Using name resolution in syslog-ng
pid, null()
PID, Hard vs. soft macros
pipe, pipe: Collecting messages from named pipes, pipe() source options, pipe: Sending messages to named pipes, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE
pipe(), flags(), optional(), pipe: Collecting messages from named pipes, pipe() source options, mark-mode(), pipe: Sending messages to named pipes, pipe() destination options
pkcs12-file(), What is new in syslog-ng Open Source Edition 3.12?, pkcs12-file()
plugins (see modules)
poll(), follow-freq(), time-sleep() (DEPRECATED)
polling files, monitor-method()
port(), tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, Client modes, client-mode(), Client modes, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, client-mode(), smtp: Generating SMTP messages (e-mail) from logs, tcp(), tcp6(), udp(), and udp6() destination options
PostgreSQL
sql() configuration, sql: Storing messages in an SQL database
prefix, The Cisco Parser
prefix(), prefix(), Parsing key=value pairs, extract-stray-words-into(), The JSON parser
preventing message loss
flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control
PRI, BSD-syslog or legacy-syslog messages, IETF-syslog messages, Hard vs. soft macros
PRIORITY, Hard vs. soft macros
process accounting, pacct: Collecting process accounting logs on Linux
processed, Statistics of syslog-ng, Statistics of syslog-ng
processing multi-line messages, multi-line-garbage(), multi-line-mode(), multi-line-prefix(), multi-line-suffix()
program, program: Receiving messages from external applications, program() source options, program: Sending messages to external applications, mark-mode()
PROGRAM, Hard vs. soft macros
program(), program: Receiving messages from external applications, inherit-environment(), mark-mode(), program: Sending messages to external applications, program() destination options, Splunk: Sending log messages to Splunk, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, Using wildcards, special characters, and regular expressions in filters, Optimizing regular expressions, External actions
program-override(), log-prefix() (DEPRECATED)
program_override(), program-override()
properties-file, How syslog-ng OSE interacts with Apache Kafka
proto-template, ts-format()
pseudofile(), pseudofile(), pseudofile() destination options
pseudonymization, hash, Replacing message parts
python, Methods of the python() parser
python parser, The Python Parser
p_apache_parser, Using channels in configuration objects

R

RCPTID, Hard vs. soft macros
read-old-records(), Version 3.11 - 3.12, What is new in syslog-ng Open Source Edition 3.12?, read-old-records(), read-old-records()
read-only macros, Message representation in syslog-ng OSE
reading messages
from external applications, program: Receiving messages from external applications
recursive, recursive()
recv-time-zone(), Timezones and daylight saving, A note on timezones and timestamps
redis, redis: Storing name-value pairs in Redis
redis(), redis: Storing name-value pairs in Redis, redis() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
compiling, Compiling options of syslog-ng OSE, Compiling options of syslog-ng OSE
regular expressions, Filters, Regular expressions, Optimizing regular expressions, Handling large message load
case-insensitive, Regular expressions
escaping, Regular expressions
pcre, pcre
posix, Using wildcards, special characters, and regular expressions in filters
rekey(), value-pairs()
relay mode, Relay mode
relay-hostname-resolved-on-the-server, chain-hostnames()
reliable(), disk-buffer(), Using disk-based and memory buffering
removing syslog-ng OSE, Uninstalling syslog-ng OSE
rename fields, map-value-pairs: Rename value-pairs to normalize logs
rename value-pairs, map-value-pairs: Rename value-pairs to normalize logs
replace(), value-pairs()
replacing message text, Modifying messages using rewrite rules
reply-to(), reply-to()
resource(), Client modes, Elasticsearch destination options, client-mode(), Client modes, Elasticsearch2 destination options, client-mode()
retries, Version 3.5 - 3.6, retries()
retries(), How syslog-ng OSE interacts with Elasticsearch, flush-limit(), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), sync-send(), flush-lines()
reusing snippets, Reusing configuration blocks
rewritable macros, Message representation in syslog-ng OSE
rewrite, The syslog-ng OSE configuration file, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
rewrite if, Conditional rewrites, Conditional rewrites
rewrite rules, Logging with syslog-ng, Global objects, Modifying messages using rewrite rules, syslog-ng.conf
rewriting
IP addresses, hash, Replacing message parts
rewriting messages, Modifying messages using rewrite rules
concepts of, Modifying messages using rewrite rules
conditional rewrites, Conditional rewrites, Conditional rewrites
rfc3164, value-pairs()
rfc5424, value-pairs()
riemann, riemann: Monitoring your data with Riemann
riemann(), riemann: Monitoring your data with Riemann, riemann: Monitoring your data with Riemann, riemann() destination options, flush-lines(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
compiling, Compiling options of syslog-ng OSE
root, Reusing configuration blocks, Reusing configuration blocks, Managing complex syslog-ng configurations
rotating log files, file: Storing messages in plain-text files
routing-key(), amqp: Publishing messages using AMQP
R_UNIXTIME, A note on timezones and timestamps

S

safe-background, syslog-ng
safe-mode(), mongodb: Storing messages in a MongoDB database, safe-mode() (DEPRECATED)
safe_mode(), safe-mode() (DEPRECATED)
sanitize-utf8, flags()
scaling to multiple CPUs, Multithreading and scaling in syslog-ng OSE
scl
system(), system: Collecting the system-specific log messages of a platform
scope(), Structuring macros, metadata, and other value-pairs, value-pairs(), Correlating messages using the grouping-by() parser, scope()
SDATA, Hard vs. soft macros
SEC, Date-related macros, Hard vs. soft macros
secondary messages, Triggering actions for identified messages
sedding messages, Modifying messages using rewrite rules
segmenting messages, Parsing messages with comma-separated and similar values, Options of CSV parsers, Parsing key=value pairs, The JSON parser, The XML parser, The Apache Access Log Parser, The Cisco Parser, The Linux Audit Parser, The Python Parser
selected-macros, value-pairs()
selector(), Options add-contextual-data(), selector(), selector()
send-time-zone(), Timezones and daylight saving
sender(), from()
SEQNUM, Hard vs. soft macros
sequence ID, SEQNUM
sequence number, SEQNUM
Cisco, SEQNUM
server mode, Server mode
server(), Client modes, client-mode(), cluster-url(), elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, server(), mongodb: Storing messages in a MongoDB database
server-hostname, chain-hostnames()
servers(), mongodb: Storing messages in a MongoDB database, path() (DEPRECATED), servers() (DEPRECATED)
session_statements(), session-statements()
set(), Version 3.7 - 3.8, Setting message fields to specific values
set-message-macro(), set-message-macro()
setting facility, How sources work
setting message fields, Setting message fields to specific values, Creating custom SDATA fields
setting multiple fields, Setting multiple message fields to specific values
silent building, Installing syslog-ng
silent rules (see silent building)
silently-drop-message, on-error()
silently-drop-property, on-error()
silently-fallback-to-string, on-error()
skipping messages, Dropping messages
smtp, smtp: Generating SMTP messages (e-mail) from logs
smtp(), Installing syslog-ng, smtp: Generating SMTP messages (e-mail) from logs, smtp() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
compiling, Installing syslog-ng
snmp(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
snmptrap, snmptrap: Read Net-SNMP traps
snmptrap(), snmptrap: Read Net-SNMP traps, snmptrap: Read Net-SNMP traps, snmptrap: Read Net-SNMP traps, snmptrap() source options, set-message-macro()
snmptrapd, snmptrap: Read Net-SNMP traps
so-rcvbuf(), so-rcvbuf(), transport(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), so-rcvbuf(), transport(), system: Collecting the system-specific log messages of a platform, so-rcvbuf(), Possible causes of losing log messages, Handling large message load
SOCK_DGRAM, How sources work, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, Sending and storing log messages — destinations and destination drivers, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, syslog-ng.conf
SOCK_STREAM, How sources work, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, Sending and storing log messages — destinations and destination drivers, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, syslog-ng.conf
soft macros, Message representation in syslog-ng OSE, Hard vs. soft macros
Solaris msgid, sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform
source, The syslog-ng OSE configuration file, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
SOURCE, Hard vs. soft macros
source drivers, Global objects, How sources work
file() driver, file: Collecting messages from text files, file() source options, wildcard-file: Collecting messages from multiple text files
internal() driver, internal: Collecting internal messages, internal() source options
list of, How sources work, syslog-ng.conf
mbox() driver, mbox: Converting local e-mail messages to log messages
network() driver, network() source options
nodejs() driver, nodejs: Receiving JSON messages from nodejs applications, nodejs() source options
osquery() driver, osquery: Collect and parse osquery result logs, osquery() source options
pacct() driver, pacct: Collecting process accounting logs on Linux
pipe() driver, pipe: Collecting messages from named pipes, pipe() source options
program() driver, program: Receiving messages from external applications
reference, Collecting log messages — sources and source drivers
snmptrap() driver, snmptrap: Read Net-SNMP traps, snmptrap() source options
sun-streams() driver, sun-streams: Collecting messages on Sun Solaris, sun-streams() source options
syslog() driver, syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog() source options
system() driver, system: Collecting the system-specific log messages of a platform
systemd-journal() driver, systemd-journal: Collecting messages from the systemd-journal system log storage
systemd-syslog() driver, systemd-syslog: Collecting systemd messages using a socket
tcp() driver, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
tcp6() driver, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
udp() driver, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
udp6() driver, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
unix-dgram() driver, unix-stream() and unix-dgram() source options
unix-stream() driver, unix-stream() and unix-dgram() source options
wildcard-file() driver, wildcard-file: Collecting messages from multiple text files, wildcard-file() source options
source(), Using embedded log statements
SOURCEIP, Hard vs. soft macros
sources, Logging with syslog-ng, Global objects, How sources work
defining, How sources work
on different platforms, How sources work
pacct(), Compiling options of syslog-ng OSE
SO_BROADCAST, so-broadcast()
splitting messages, Parsing messages with comma-separated and similar values, Options of CSV parsers, Parsing key=value pairs, The JSON parser, The XML parser
spoof-source(), How relaying log messages works
spoof_source
compiling, Installing syslog-ng
sql, sql: Storing messages in an SQL database, Multithreading concepts of syslog-ng OSE
sql destinations, sql: Storing messages in an SQL database
SQL NULL values, null()
sql(), Sending and storing log messages — destinations and destination drivers, sql: Storing messages in an SQL database, Using the sql() driver with an Oracle database, sql() destination options, flags(), flags(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, syslog-ng.conf
compiling, Compiling options of syslog-ng OSE
ssl support
compiling, Compiling options of syslog-ng OSE
ssl-options, ssl-options()
ssl-options(), Version 3.6 - 3.7
sslv2, ssl-version()
sslv3, ssl-version()
ssl_options(), ssl-options()
STAMP, ts-format(), Date-related macros, Hard vs. soft macros
stamp, Statistics of syslog-ng
statistics, Statistics of syslog-ng, Statistics of syslog-ng
stats-level(), Statistics of syslog-ng, Statistics of syslog-ng
stats-lifetime(), Version 3.5 - 3.6
stdin, program: Sending messages to external applications, program() destination options
stomp, stomp: Publishing messages using STOMP
stomp(), Structuring macros, metadata, and other value-pairs, stomp: Publishing messages using STOMP, stomp() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
store-matches, Replacing message parts
stored, Statistics of syslog-ng
strace, Collecting debugging information with strace, truss, or tusc
STREAMS, How sources work, How sources work, How sources work, sun-streams: Collecting messages on Sun Solaris, syslog-ng.conf
string, Specifying data types in value-pairs
string comparison, Comparing macro values in filters
strip-whitespace, flags(), flags()
strip-whitespaces, strip-whitespaces
strip-whitespaces(), The XML parser
STRUCTURED-DATA, IETF-syslog messages, SDATA, .SDATA.SDID.SDNAME
subject(), smtp: Generating SMTP messages (e-mail) from logs, subject()
subject_alt_name, Encrypting log messages with TLS, Encrypting log messages with TLS, Mutual authentication using TLS
sun-streams, sun-streams: Collecting messages on Sun Solaris
sun-streams(), sun-streams: Collecting messages on Sun Solaris, sun-streams: Collecting messages on Sun Solaris, sun-streams() source options
supervising syslog-ng, syslog-ng
supported architectures, Supported platforms
supported operating systems, Supported platforms
suppress(), Statistics of syslog-ng
suppressed, Statistics of syslog-ng
sync-send, sync-send()
syslog, flags(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog: Sending messages to a remote logserver using the IETF-syslog protocol, Parsers and segmenting structured messages, Multithreading concepts of syslog-ng OSE
syslog(), Things to consider when forwarding messages between syslog-ng OSE hosts, The syslog-ng OSE quick-start guide, network: Collecting messages using the RFC3164 protocol (network() driver), ip-protocol(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog() source options, ts-format(), mark-mode(), syslog: Sending messages to a remote logserver using the IETF-syslog protocol, syslog() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, Secure logging using TLS, Encrypting log messages with TLS, Mutual authentication using TLS, TLS options, The XML parser, Glossary
syslog(transport(tcp)), Things to consider when forwarding messages between syslog-ng OSE hosts
syslog(transport(tls)), Things to consider when forwarding messages between syslog-ng OSE hosts
syslog(transport(udp)), Things to consider when forwarding messages between syslog-ng OSE hosts
syslog-ng
  troubleshooting, Troubleshooting syslog-ng
syslog-ng clients
  configuring, The syslog-ng OSE quick-start guide
syslog-ng relays
  configuring, Configuring syslog-ng relays
syslog-ng servers
  configuring, The syslog-ng OSE quick-start guide
syslog-ng-relay, How relaying log messages works, How relaying log messages works, How relaying log messages works, How relaying log messages works, How relaying log messages works, How relaying log messages works
syslog-ng-server, How relaying log messages works, How relaying log messages works
syslog-ng.conf, The syslog-ng OSE configuration file
  environmental variables, Global and environmental variables
  global variables, Global and environmental variables
  includes, Including configuration files
syslog-parser, Parsing syslog messages, Parsing syslog messages, Parsing syslog messages, Parsing syslog messages, Options of syslog-parser parsers
syslog-proto, value-pairs(), loggen
syslog-protocol, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), network: Sending messages to a remote log server using the RFC3164 protocol (network() driver), flags(), flags(), flags(), flags(), flags(), flags()
syslogd, How sources work, How sources work, sun-streams: Collecting messages on Sun Solaris, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, template(), template(), template(), template(), template(), template(), template(), template(), template(), template()
system, system: Collecting the system-specific log messages of a platform
system(), sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, UNIX credentials and other metadata, loggly: Using Loggly, logmatic: Using Logmatic.io
systemd, system: Collecting the system-specific log messages of a platform
  compiling, Compiling options of syslog-ng OSE
systemd-journal, systemd-journal: Collecting messages from the systemd-journal system log storage
systemd-journal(), Version 3.11 - 3.12, What is new in syslog-ng Open Source Edition 3.12?, system: Collecting the system-specific log messages of a platform, systemd-journal: Collecting messages from the systemd-journal system log storage, systemd-journal: Collecting messages from the systemd-journal system log storage, systemd-journal: Collecting messages from the systemd-journal system log storage, systemd-journal: Collecting messages from the systemd-journal system log storage, systemd-journal() source options
systemd-syslog, systemd-syslog: Collecting systemd messages using a socket
systemd-syslog(), systemd-syslog: Collecting systemd messages using a socket, systemd-syslog: Collecting systemd messages using a socket
s_apache, Using channels in configuration objects
S_UNIXTIME, A note on timezones and timestamps

T

table, sql: Storing messages in an SQL database
table(), sql: Storing messages in an SQL database
TAG, Hard vs. soft macros
tagging messages, Tagging messages
tags, Tagging messages
  as macro, TAGS
TAGS, Hard vs. soft macros
tags(), Message representation in syslog-ng OSE, tags(), Tagging messages, tags(), tags(), Using parser results in filters and templates, Using parser results in filters and templates
tcp, flags(), listen-backlog(), flags(), listen-backlog(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, listen-backlog(), syslog: Sending messages to a remote logserver using the IETF-syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE, Optimizing multithreaded performance
tcp(), Version 3.6 - 3.7, Things to consider when forwarding messages between syslog-ng OSE hosts, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, loggly: Using Loggly, loggly() destination options, logmatic: Using Logmatic.io, logmatic() destination options, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
tcp-keepalive-intvl(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-probes(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-time() + tcp-keepalive-intvl() * tcp-keepalive-probes(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp6, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
tcp6(), Version 3.6 - 3.7, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
TCP_KEEPCNT, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
TCP_KEEPIDLE, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
TCP_KEEPINTVL, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
template, The syslog-ng OSE configuration file, syslog-ng.conf
template functions, Using template functions
  embedding, if
template(), The JSON parser, The XML parser, The Linux Audit Parser
template-escape(), Templates and macros, Templates and macros
templates, Global objects, Formatting messages, filenames, directories, and tablenames, Templates and macros
  defining, Templates and macros
  escaping, Templates and macros
  example, Templates and macros
  literal $, Templates and macros
  template functions, Using template functions
threaded, flags(), flags(), flags(), Configuring multithreading
threaded(), Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE, Multithreading concepts of syslog-ng OSE
threading, Multithreading and scaling in syslog-ng OSE
throttle, Version 3.5 - 3.6, Possible causes of losing log messages
Thu, WEEK_DAY_ABBREV, C_WEEK_DAY_ABBREV, R_WEEK_DAY_ABBREV, S_WEEK_DAY_ABBREV
time-reap(), file: Storing messages in plain-text files
time-reopen(), How syslog-ng OSE interacts with Elasticsearch, How syslog-ng OSE interacts with Elasticsearch, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), The way syslog-ng interacts with the database, The way syslog-ng interacts with the database, The way syslog-ng interacts with the database
time-stamp(), time-stamp()
time-stamp(recvd), Parsing dates and timestamps
time-zone(), Timezones and daylight saving, Timezones and daylight saving, Compiling options of syslog-ng OSE, Date-related macros, time-zone(), time-zone()
timeout(), Correlating messages using the grouping-by() parser, timeout()
timestamp, A note on timezones and timestamps, The HEADER message part, The HEADER message part, General recommendations
timestamp(), time-stamp()
timezone
  in chroots, Best practices and examples
timezone(), time-zone()
timezones, Timezones and daylight saving, A note on timezones and timestamps
TLS, network() source options, syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog() source options, Secure logging using TLS
  configuring, Encrypting log messages with TLS, Mutual authentication using TLS
  reference, TLS options
tls, flags(), listen-backlog(), flags(), listen-backlog(), listen-backlog(), syslog: Sending messages to a remote logserver using the IETF-syslog protocol
tls(), Encrypting log messages with TLS, Mutual authentication using TLS, Mutual authentication using TLS, TLS options
tlsv1, ssl-version()
tlsv1_0, ssl-version()
tlsv1_1, ssl-version()
tlsv1_2, ssl-version()
to(), smtp: Generating SMTP messages (e-mail) from logs, to()
Tomcat logs, multi-line-prefix(), multi-line-prefix(), multi-line-prefix(), multi-line-prefix()
topic(), Kafka destination options
transport layer security
  TLS, Secure logging using TLS
transport(tls), TLS options
trigger, Attributes
trigger(), Correlating messages using the grouping-by() parser, trigger()
triggered messages, Triggering actions for identified messages
triggers, Triggering actions for identified messages
troubleshooting, Troubleshooting syslog-ng
  core files, Troubleshooting syslog-ng
  failure script, Troubleshooting syslog-ng
  strace, Collecting debugging information with strace, truss, or tusc
  syslog-ng, Troubleshooting syslog-ng, Troubleshooting syslog-ng
  truss, Collecting debugging information with strace, truss, or tusc
  tusc, Collecting debugging information with strace, truss, or tusc
truncating messages, Message size and encoding
truss, Collecting debugging information with strace, truss, or tusc
trusted-dn(), trusted-keys(), trusted-keys()
trusted-keys(), trusted-keys(), trusted-keys(), trusted-keys()
trusted_dn(), trusted-dn()
trusted_keys(), trusted-keys()
ts-format(), The HEADER message part, The HEADER message part, ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), STAMP, R_STAMP, S_STAMP, ts-format()
tusc, Collecting debugging information with strace, truss, or tusc
type(), Elasticsearch destination options, Elasticsearch2 destination options, sql: Storing messages in an SQL database, Using wildcards, special characters, and regular expressions in filters, Using wildcards, special characters, and regular expressions in filters, Replacing message parts, Types and options of regular expressions, pcre
type-casting, Specifying data types in value-pairs, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
type-hinting, Specifying data types in value-pairs
typecasting (see type-casting)
TZ, Date-related macros, Hard vs. soft macros
TZOFFSET, Date-related macros, Hard vs. soft macros
tztab, Compiling options of syslog-ng OSE

U

udp, ip() or localip(), ip() or localip(), ip() or localip(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, syslog: Sending messages to a remote logserver using the IETF-syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, Multithreading concepts of syslog-ng OSE
udp(), Version 3.6 - 3.7, Things to consider when forwarding messages between syslog-ng OSE hosts, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options
udp6, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
udp6(), Version 3.6 - 3.7, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options
ulimit, file() destination options, file() destination options
unicode, pcre
uninstalling syslog-ng OSE, Uninstalling syslog-ng OSE
UNIX credentials, UNIX credentials and other metadata
unix-dgram, How sources work, optional(), optional(), optional(), optional(), optional(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, optional(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, Possible causes of losing log messages
unix-dgram(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, UNIX credentials and other metadata, unix-stream() and unix-dgram() source options, keep-alive(), max-connections(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), mark-mode(), mark-mode(), mark-mode()
unix-stream, How sources work, optional(), optional(), listen-backlog(), optional(), optional(), optional(), listen-backlog(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, listen-backlog(), optional(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, Possible causes of losing log messages
unix-stream(), The syslog-ng OSE configuration file, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, UNIX credentials and other metadata, unix-stream() and unix-dgram() source options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), mark-mode(), mark-mode(), mark-mode(), syslog-ng.conf
UNIXTIME, Date-related macros, Hard vs. soft macros
unknown, Using parser results in filters and templates
unsetting message fields, Unsetting message fields
uri(), database() (DEPRECATED), password() (DEPRECATED), path() (DEPRECATED), safe-mode() (DEPRECATED), servers() (DEPRECATED), username() (DEPRECATED)
url(), HTTP destination options
use-dns(), How relaying log messages works, keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), FULLHOST, FULLHOST_FROM, FULLHOST_FROM, HOST, HOST_FROM, HOST_FROM, Using name resolution in syslog-ng
use-fqdn(), FULLHOST, FULLHOST_FROM, HOST, HOST_FROM
use-rcptid, use-rcptid(), RCPTID
use-uniqid(), custom-id(), custom-id(), use-uniqid()
USEC, Date-related macros
user, wildcard-file: Collecting messages from multiple text files
user@example.com, @EMAIL@, @EMAIL@, @EMAIL@
useracct, pdbtool
username, Version 3.5 - 3.6
usertty, usertty: Sending messages to a user terminal — usertty() destination
usertty(), usertty: Sending messages to a user terminal — usertty() destination, Handling large message load
use_dns(), keep-hostname()
use_uniqid(), use-uniqid()
UTC, A note on timezones and timestamps

X

XML parsers, The XML parser
xml(), The XML parser
xmllint, The XML parser
xml_parser, The XML parser
xx:xx:xx:..., @LLADDR@