Syslog UDP Source Node
The syslogudp node listens on a UDP port and receives syslog-format messages, emitting each datagram as an record into the pipeline.
The source binds to a configurable host and port, accepts datagrams in RFC 3164 or RFC 5424 syslog format, and runs continuously until the pipeline is terminated. No connection state is maintained — each datagram is independent.
Key Features
- Stateless UDP listener: no connection management overhead — datagrams are received and queued immediately
- Format-agnostic ingestion: receives any UDP datagram and emits its raw payload — RFC 3164, RFC 5424, or other text — without parsing
- Configurable buffer and queue capacity: tune
bufferSizeandqueueCapacityfor high-volume environments - Infinite streaming: never exhausts — runs until the pipeline is terminated
Configuration
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
host | String | No | 0.0.0.0 | IP address to bind the UDP listener to |
port | int | No | 514 | UDP port to listen on |
bufferSize | int | No | 65535 | Maximum size in bytes of a single UDP datagram |
queueCapacity | int | No | 10000 | Internal queue size for received datagrams; datagrams are dropped when the queue is full |
encoding | String | No | UTF-8 | Character encoding for parsing the raw bytes of each datagram |
Syslog Formats
The node accepts messages in either of the two standard syslog formats:
- RFC 3164 (BSD syslog): the original syslog format, widely used by legacy systems and network devices. Messages follow the pattern
<PRIORITY>TIMESTAMP HOSTNAME TAG: MESSAGE. - RFC 5424 (modern syslog): the current IETF standard, adding structured data, message IDs, and a version field. Messages follow the pattern
<PRIORITY>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [STRUCTURED-DATA] MESSAGE.
The node does not parse or validate the syslog structure — each datagram's raw payload is emitted unchanged as the event's message field, regardless of format.
DAG Example
jobContext:
otherProperties: {}
metricTags: {}
dlqConfig:
dag:
- id: "source"
commandName: "syslogudp"
config:
host: "0.0.0.0"
port: 514
bufferSize: 65535
queueCapacity: 10000
encoding: "UTF-8"
outputs:
- "sink"
- id: "sink"
commandName: "stdout"
config:
encodingType: "JSON_OBJECT"
Related Nodes
- imapsource: Poll an IMAP mailbox and emit each email as an record
- kafkasource: Read messages from a Kafka topic