schema:Syslog.RFC3164description:Syslog parser for the RFC3164 format (ie. BSD-syslog messages)referenceURL:https://tools.ietf.org/html/rfc3164fields: - name:priorityrequired:truedescription:Priority is calculated by (Facility * 8 + Severity). The lower this value, the higher importance of the log message.type:smallint - name:facilityrequired:truedescription:'Facility value helps determine which process created the message. Eg: 0 = kernel messages, 3 = system daemons.'type:smallint - name:severityrequired:truedescription:'Severity indicates how severe the message is. Eg: 0=Emergency to 7=Debug.'type:smallint - name:timestampdescription:Timestamp of the syslog message in UTC.type:timestamptimeFormats: - rfc3339 - '%b %d %H:%M:%S'isEventTime:true - name:hostnamedescription:Hostname identifies the machine that originally sent the syslog message.type:stringindicators: - hostname - name:appnamedescription:Appname identifies the device or application that originated the syslog message.type:string - name:prociddescription:ProcID is often the process ID, but can be any value used to enable log analyzers to detect discontinuities in syslog reporting.type:string - name:msgiddescription:MsgID identifies the type of message. For example, a firewall might use the MsgID 'TCPIN' for incoming TCP traffic.type:string - name:messagedescription:Message contains free-form text that provides information about the event.type:string
schema:Syslog.RFC5424description:Syslog parser for the RFC5424 format.referenceURL:https://tools.ietf.org/html/rfc5424fields: - name:priorityrequired:truedescription:Priority is calculated by (Facility * 8 + Severity). The lower this value, the higher importance of the log message.type:smallint - name:facilityrequired:truedescription:'Facility value helps determine which process created the message. Eg: 0 = kernel messages, 3 = system daemons.'type:smallint - name:severityrequired:truedescription:'Severity indicates how severe the message is. Eg: 0=Emergency to 7=Debug.'type:smallint - name:versionrequired:truedescription:Version of the syslog message protocol. RFC5424 mandates that version cannot be 0, so a 0 value signals no version.type:int - name:timestampdescription:Timestamp of the syslog message in UTC.type:timestamptimeFormats: - rfc3339isEventTime:true - name:hostnamedescription:Hostname identifies the machine that originally sent the syslog message.type:stringindicators: - hostname - name:appnamedescription:Appname identifies the device or application that originated the syslog message.type:string - name:prociddescription:ProcID is often the process ID, but can be any value used to enable log analyzers to detect discontinuities in syslog reporting.type:string - name:msgiddescription:MsgID identifies the type of message. For example, a firewall might use the MsgID 'TCPIN' for incoming TCP traffic.type:string - name:structured_datadescription:StructuredData provides a mechanism to express information in a well defined and easily parsable format.type:json - name:messagedescription:Message contains free-form text that provides information about the event.type:string