ParseSyslog
Description
Attempts to parses the contents of a Syslog message in accordance to RFC5424 and RFC3164 formats and adds attributes to the FlowFile for each of the parts of the Syslog message.Note: Be mindfull that RFC3164 is informational and a wide range of different implementations are present in the wild. If messages fail parsing, considering using RFC5424 or using a generic parsing processors such as ExtractGrok.
Tags
attributes, event, logs, message, syslog, system
Properties
In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Character Set * | Character Set | UTF-8 | Specifies which character set of the Syslog messages |
Dynamic Properties
This component does not support dynamic properties.
Relationships
| Name | Description |
|---|---|
| failure | Any FlowFile that could not be parsed as a Syslog message will be transferred to this Relationship without any attributes being added |
| success | Any FlowFile that is successfully parsed as a Syslog message will be to this Relationship. |
Reads Attributes
This processor does not read attributes.
Writes Attributes
| Name | Description |
|---|---|
| syslog.body | The body of the Syslog message, everything after the hostname. |
| syslog.facility | The facility of the Syslog message derived from the priority. |
| syslog.hostname | The hostname or IP address of the Syslog message. |
| syslog.priority | The priority of the Syslog message. |
| syslog.sender | The hostname of the Syslog server that sent the message. |
| syslog.severity | The severity of the Syslog message derived from the priority. |
| syslog.timestamp | The timestamp of the Syslog message. |
| syslog.version | The optional version from the Syslog message. |
State Management
This component does not store state.
Restricted
This component is not restricted.
Input Requirement
This component requires an incoming relationship.
System Resource Considerations
This component does not specify system resource considerations.