| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>ParseSyslog5424</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">ParseSyslog5424</h1><h2>Description: </h2><p>Attempts to parse the contents of a well formed Syslog message in accordance to RFC5424 format and adds attributes to the FlowFile for each of the parts of the Syslog message, including Structured Data.Structured Data will be written to attributes as one attribute per item id + parameter see https://tools.ietf.org/html/rfc5424.Note: ParseSyslog5424 follows the specification more closely than ParseSyslog. If your Syslog producer does not follow the spec closely, with regards to using '-' for missing header entries for example, those logs will fail with this parser, where they would not fail with ParseSyslog.</p><h3>Tags: </h3><p>logs, syslog, syslog5424, attributes, system, event, message</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values.</p><table id="properties"><tr><th>Display Name</th><th>API Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Character Set</strong></td><td>Character Set</td><td id="default-value">UTF-8</td><td id="allowable-values"></td><td id="description">Specifies which character set of the Syslog messages</td></tr><tr><td id="name"><strong>NIL Policy</strong></td><td>nil_policy</td><td id="default-value">NULL</td><td id="allowable-values"><ul><li>OMIT <img src="../../../../../html/images/iconInfo.png" alt="The missing field will not have an attribute added." title="The missing field will not have an attribute added."></img></li><li>NULL <img src="../../../../../html/images/iconInfo.png" alt="The missing field will have an empty attribute added." title="The missing field will have an empty attribute added."></img></li><li>DASH <img src="../../../../../html/images/iconInfo.png" alt="The missing field will have an attribute added with the value of '-'." title="The missing field will have an attribute added with the value of '-'."></img></li></ul></td><td id="description">Defines how NIL values are handled for header fields.</td></tr><tr><td id="name">Include Message Body in Attributes</td><td>include_policy</td><td id="default-value">true</td><td id="allowable-values"><ul><li>true</li><li>false</li></ul></td><td id="description">If true, then the Syslog Message body will be included in the attributes.</td></tr></table><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>success</td><td>Any FlowFile that is successfully parsed as a Syslog message will be to this Relationship.</td></tr><tr><td>failure</td><td>Any FlowFile that could not be parsed as a Syslog message will be transferred to this Relationship without any attributes being added</td></tr></table><h3>Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3><table id="writes-attributes"><tr><th>Name</th><th>Description</th></tr><tr><td>syslog.priority</td><td>The priority of the Syslog message.</td></tr><tr><td>syslog.severity</td><td>The severity of the Syslog message derived from the priority.</td></tr><tr><td>syslog.facility</td><td>The facility of the Syslog message derived from the priority.</td></tr><tr><td>syslog.version</td><td>The optional version from the Syslog message.</td></tr><tr><td>syslog.timestamp</td><td>The timestamp of the Syslog message.</td></tr><tr><td>syslog.hostname</td><td>The hostname or IP address of the Syslog message.</td></tr><tr><td>syslog.appname</td><td>The appname of the Syslog message.</td></tr><tr><td>syslog.procid</td><td>The procid of the Syslog message.</td></tr><tr><td>syslog.messageid</td><td>The messageid the Syslog message.</td></tr><tr><td>syslog.structuredData</td><td>Multiple entries per structuredData of the Syslog message.</td></tr><tr><td>syslog.sender</td><td>The hostname of the Syslog server that sent the message.</td></tr><tr><td>syslog.body</td><td>The body of the Syslog message, everything after the hostname.</td></tr></table><h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component requires an incoming relationship.<h3>System Resource Considerations:</h3>None specified.<h3>See Also:</h3><p><a href="../org.apache.nifi.processors.standard.ListenSyslog/index.html">ListenSyslog</a>, <a href="../org.apache.nifi.processors.standard.ParseSyslog/index.html">ParseSyslog</a>, <a href="../org.apache.nifi.processors.standard.PutSyslog/index.html">PutSyslog</a></p></body></html> |