schema: Fluentd.Syslog3164
description: Fluentd syslog parser for the RFC3164 format (i.e. BSD-syslog messages)
referenceURL: https://docs.fluentd.org/parser/syslog#rfc3164-log
fields:
  - name: pri
    description: Priority is calculated by (Facility * 8 + Severity). The lower this value, the higher the importance of the log message.
    type: smallint
  - name: host
    required: true
    description: Hostname identifies the machine that originally sent the syslog message.
    type: string
    indicators:
      - hostname
  - name: ident
    required: true
    description: Appname identifies the device or application that originated the syslog message.
    type: string
  - name: pid
    description: ProcID is often the process ID, but can be any value used to enable log analyzers to detect discontinuities in syslog reporting.
    type: bigint
  - name: message
    required: true
    description: Message contains free-form text that provides information about the event.
    type: string
  - name: time
    required: true
    description: Timestamp of the syslog message in UTC.
    type: timestamp
    timeFormats:
      - '%Y-%m-%d %H:%M:%S %z'
    isEventTime: true
  - name: tag
    required: true
    description: Tag of the syslog message
    type: string
Fluentd.Syslog5424
Fluentd syslog parser for the RFC5424 format (i.e. BSD-syslog messages)
schema: Fluentd.Syslog5424
description: Fluentd syslog parser for the RFC5424 format (i.e. BSD-syslog messages)
referenceURL: https://docs.fluentd.org/parser/syslog#rfc5424-log
fields:
  - name: pri
    description: Priority is calculated by (Facility * 8 + Severity). The lower this value, the higher the importance of the log message.
    type: smallint
  - name: host
    required: true
    description: Hostname identifies the machine that originally sent the syslog message.
    type: string
    indicators:
      - hostname
  - name: ident
    required: true
    description: Appname identifies the device or application that originated the syslog message.
    type: string
  - name: pid
    required: true
    description: ProcID is often the process ID, but can be any value used to enable log analyzers to detect discontinuities in syslog reporting.
    type: bigint
  - name: msgid
    required: true
    description: MsgID identifies the type of message. For example, a firewall might use the MsgID 'TCPIN' for incoming TCP traffic.
    type: string
  - name: extradata
    required: true
    description: ExtraData contains syslog structured data as a string
    type: string
  - name: message
    required: true
    description: Message contains free-form text that provides information about the event.
    type: string
  - name: time
    required: true
    description: Timestamp of the syslog message in UTC.
    type: timestamp
    timeFormats:
      - '%Y-%m-%d %H:%M:%S %z'
    isEventTime: true
  - name: tag
    required: true
    description: Tag of the syslog message
    type: string