Chat now with support
Chat with Support

syslog-ng Open Source Edition 3.16 - Release Notes

amqp() destination options

The amqp() driver publishes messages using the AMQP (Advanced Message Queuing Protocol).

The amqp() destination has the following options:

body()
Type: string
Default: empty string

Description: The body of the AMQP message. You can also use macros and templates.

ca-file()
Type: string
Default: N/A

Description: Name of a file, that contains the trusted CA certificate in PEM format. For example: ca-file("/home/certs/syslog-ng/tls/cacert.pem"). The syslog-ng OSE application uses this CA certificate to validate the certificate of the peer.

An alternative way to specify this option is to put into a tls() block and specify it there, together with any other TLS options. This allows you to separate these options and ensure better readability.

Declaration:
destination  d_ampqp {
    amqp(
        host("127.0.0.1")
        port(5672)
        username("test")
        password("test")
        tls(
            ca-file("ca")
            cert-file("cert") 
            key-file("key")
            peer-verify(yes|no)
        )
    );
};

Make sure that you specify TLS options either using their own dedicated option (ca-file(), cert-file(), key-file(), and peer-verify()), or using the tls() block and inserting the relevant options within tls(). Avoid mixing the two methods. In case you do specify TLS options in both ways, the one that comes later in the configuration file will take effect.

cert-file()
Accepted values: Filename
Default: none

Description: Name of a file, that contains an X.509 certificate (or a certificate chain) in PEM format, suitable as a TLS certificate, matching the private key set in the key-file() option. The syslog-ng OSE application uses this certificate to authenticate the syslog-ng OSE client on the destination server. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any other signing CAs in order.

An alternative way to specify this option is to put into a tls() block and specify it there, together with any other TLS options. This allows you to separate these options and ensure better readability.

Declaration:
destination  d_ampqp {
    amqp(
        host("127.0.0.1")
        port(5672)
        username("test")
        password("test")
        tls(
            ca-file("ca")
            cert-file("cert") 
            key-file("key")
            peer-verify(yes|no)
        )
    );
};

Make sure that you specify TLS options either using their own dedicated option (ca-file(), cert-file(), key-file(), and peer-verify()), or using the tls() block and inserting the relevant options within tls(). Avoid mixing the two methods. In case you do specify TLS options in both ways, the one that comes later in the configuration file will take effect.

disk-buffer()

Description: This option enables putting outgoing messages into the disk buffer of the destination to avoid message loss in case of a system failure on the destination side. It has the following options:

reliable()
Type: yes|no
Default: no

Description: If set to yes, syslog-ng OSE cannot lose logs in case of reload/restart, unreachable destination or syslog-ng OSE crash. This solution provides a slower, but reliable disk-buffer option. It is created and initialized at startup and gradually grows as new messages arrive. If set to no, the normal disk-buffer will be used. This provides a faster, but less reliable disk-buffer option.

 Caution:

Hazard of data loss! If you change the value of reliable() option when there are messages in the disk-buffer, the messages stored in the disk-buffer will be lost.
dir()
Type: string
Default: N/A

Description: Defines the folder where the disk-buffer files are stored.

 Caution:

When creating a new dir() option for a disk buffer, or modifying an existing one, make sure you delete the persist file.

syslog-ng OSE creates disk-buffer files based on the path recorded in the persist file. Therefore, if the persist file is not deleted after modifying the dir() option, then following a restart, syslog-ng OSE will look for or create disk-buffer files in their old location. To ensure that syslog-ng OSE uses the new dir() setting, the persist file must not contain any information about the destinations which the disk-buffer file in question belongs to.
disk-buf-size()
Type: number (bytes)
Default:

Description: This is a required option. The maximum size of the disk-buffer in bytes. The minimum value is 1048576 bytes. If you set a smaller value, the minimum value will be used automatically. It replaces the old log-disk-fifo-size() option.
mem-buf-length()
Type: number (messages)
Default: 10000
Description: Use this option if the option reliable() is set to no. This option contains the number of messages stored in overflow queue. It replaces the old log-fifo-size() option. It inherits the value of the global log-fifo-size() option if provided. If it is not provided, the default value is 10000 messages. Note that this option will be ignored if the option reliable() is set to yes.
mem-buf-size()
Type: number (bytes)
Default: 163840000
Description: Use this option if the option reliable() is set to yes. This option contains the size of the messages in bytes that is used in the memory part of the disk buffer. It replaces the old log-fifo-size() option. It does not inherit the value of the global log-fifo-size() option, even if it is provided. Note that this option will be ignored if the option reliable() is set to no.
qout-size()
Type: number (messages)
Default: 64
Description: The number of messages stored in the output buffer of the destination.

Options reliable() and disk-buf-size() are required options.

Example: Examples for using disk-buffer()

In the following case reliable disk-buffer() is used.

destination d_demo {
    network(
        "127.0.0.1"
        port(3333)
        disk-buffer(
            mem-buf-size(10000)
            disk-buf-size(2000000)
            reliable(yes)
            dir("/tmp/disk-buffer")
        )
    );
};

In the following case normal disk-buffer() is used.

destination d_demo {
    network(
        "127.0.0.1"
        port(3333)
           disk-buffer(
            mem-buf-length(10000)
            disk-buf-size(2000000)
            reliable(no)
            dir("/tmp/disk-buffer")
        )
    );
};
exchange()
Type: string
Default: syslog

Description: The name of the AMQP exchange where syslog-ng OSE sends the message. Exchanges take a message and route it into zero or more queues.

exchange-declare()
Type: yes|no
Default: no

Description: By default, syslog-ng OSE does not create non-existing exchanges. Use the exchange-declare(yes) option to automatically create exchanges.

exchange-type()
Type: direct|fanout|topic|headers
Default: fanout

Description: The type of the AMQP exchange.

hook-commands()

Description: This option makes it possible to execute external programs when the relevant driver is initialized or torn down. The hook-commands() can be used with all source and destination drivers with the exception of the usertty() and internal() drivers.

NOTE: The syslog-ng OSE application must be able to start and restart the external program, and have the necessary permissions to do so. For example, if your host is running AppArmor or SELinux, you might have to modify your AppArmor or SELinux configuration to enable syslog-ng OSE to execute external applications.

Using the hook-commands() when syslog-ng OSE starts or stops

To execute an external program when syslog-ng OSE starts or stops, use the following options:

startup()
Type: string
Default: N/A

Description: Defines the external program that is executed as syslog-ng OSE starts.

shutdown()
Type: string
Default: N/A

Description: Defines the external program that is executed as syslog-ng OSE stops.
Using the hook-commands() when syslog-ng OSE reloads

To execute an external program when the syslog-ng OSE configuration is initiated or torn down, for example, on startup/shutdown or during a syslog-ng OSE reload, use the following options:

setup()
Type: string
Default: N/A

Description: Defines an external program that is executed when the syslog-ng OSE configuration is initiated, for example, on startup or during a syslog-ng OSE reload.
teardown()
Type: string
Default: N/A

Description: Defines an external program that is executed when the syslog-ng OSE configuration is stopped or torn down, for example, on shutdown or during a syslog-ng OSE reload.
Example: Using the hook-commands() with a network source

In the following example, the hook-commands() is used with the network() driver and it opens an iptables port automatically as syslog-ng OSE is started/stopped.

The assumption in this example is that the LOGCHAIN chain is part of a larger ruleset that routes traffic to it. Whenever the syslog-ng OSE created rule is there, packets can flow, otherwise the port is closed.

source {
   network(transport(udp)
	hook-commands(
          startup("iptables -I LOGCHAIN 1 -p udp --dport 514 -j ACCEPT")
          shutdown("iptables -D LOGCHAIN 1")
        )
     );
};
host()
Type: hostname or IP address
Default: 127.0.0.1

Description: The hostname or IP address of the AMQP server.

key-file()
Accepted values: Filename
Default: none

Description: The name of a file that contains an unencrypted private key in PEM format, suitable as a TLS key. If properly configured, the syslog-ng OSE application uses this private key and the matching certificate (set in the cert-file() option) to authenticate the syslog-ng OSE client on the destination server.

An alternative way to specify this option is to put into a tls() block and specify it there, together with any other TLS options. This allows you to separate these options and ensure better readability.

Declaration:
destination  d_ampqp {
    amqp(
        host("127.0.0.1")
        port(5672)
        username("test")
        password("test")
        tls(
            ca-file("ca")
            cert-file("cert") 
            key-file("key")
            peer-verify(yes|no)
        )
    );
};

Make sure that you specify TLS options either using their own dedicated option (ca-file(), cert-file(), key-file(), and peer-verify()), or using the tls() block and inserting the relevant options within tls(). Avoid mixing the two methods. In case you do specify TLS options in both ways, the one that comes later in the configuration file will take effect.

password()
Type: string
Default: n/a

Description: The password used to authenticate on the AMQP server.

peer-verify()
Accepted values: yes | no
Default: yes

Description: Verification method of the peer. The following table summarizes the possible options and their results depending on the certificate of the peer.

 The remote peer has:
no certificate invalid certificate valid certificate
Local peer-verify() setting no (optional-untrusted) TLS-encryption TLS-encryption TLS-encryption
yes (required-trusted) rejected connection rejected connection TLS-encryption

For untrusted certificates only the existence of the certificate is checked, but it does not have to be valid — syslog-ng accepts the certificate even if it is expired, signed by an unknown CA, or its CN and the name of the machine mismatches.

 Caution:

When validating a certificate, the entire certificate chain must be valid, including the CA certificate. If any certificate of the chain is invalid, syslog-ng OSE will reject the connection.

An alternative way to specify this option is to put into a tls() block and specify it there, together with any other TLS options. This allows you to separate these options and ensure better readability.

Declaration:
destination  d_ampqp {
    amqp(
        host("127.0.0.1")
        port(5672)
        username("test")
        password("test")
        tls(
            ca-file("ca")
            cert-file("cert") 
            key-file("key")
            peer-verify(yes|no)
        )
    );
};

Make sure that you specify TLS options either using their own dedicated option (ca-file(), cert-file(), key-file(), and peer-verify()), or using the tls() block and inserting the relevant options within tls(). Avoid mixing the two methods. In case you do specify TLS options in both ways, the one that comes later in the configuration file will take effect.

persistent()
Type: yes|no
Default: yes

Description: If this option is enabled, the AMQP server or broker will store the messages on its hard disk. That way, the messages will be retained if the AMQP server is restarted, if the message queue is set to be durable on the AMQP server.

port()
Type: number
Default: 5672

Description: The port number of the AMQP server.

retries()
Type: number (of attempts)
Default: 3

Description: The number of times syslog-ng OSE attempts to send a message to this destination. If syslog-ng OSE could not send a message, it will try again until the number of attempts reaches retries, then drops the message.

routing-key()
Type: string
Default: empty string

Description: Specifies a routing key for the exchange. The routing key selects certain messages published to an exchange to be routed to the bound queue. In other words, the routing key acts like a filter. The routing key can include macros and templates.

throttle()
Type: number
Default: 0

Description: Sets the maximum number of messages sent to the destination per second. Use this output-rate-limiting functionality only when using disk-buffer as well to avoid the risk of losing messages. Specifying 0 or a lower value sets the output limit to unlimited.

username()
Type: string
Default: empty string

Description: The username used to authenticate on the AMQP server.

value-pairs()
Type: parameter list of the value-pairs() option
Default: 
scope("selected-macros" "nv-pairs")

Description: The value-pairs() option creates structured name-value pairs from the data and metadata of the log message. For details on using value-pairs(), see Structuring macros, metadata, and other value-pairs.

 NOTE:

Empty keys are not logged.

vhost()
Type: string
Default: /

Description: The name of the AMQP virtual host to send the messages to.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating