
Syslog and ArcSight output plugin 2.5.x, 3.0.0 compatible

Plugin Graylog syslog output 4.0.8

Customizable, production ready syslog and ArcSight output plugin for Graylog2



05 Jun 11:21

Last Push

27 Aug 05:12



huksley over 2 years ago

Hi all! Please use GitHub issues to comment and report issues, this page is not monitored, thanks!

Yall1963 about 3 years ago

Is it possible to forward messages to another syslog sink using this plugin?
I've tried this using the "structured" message format. Unfortunately the original full syslog message is written into the new message content whereas new syslog fields (application_name, source and so on) are added according to the Graylog server itself.

adamsh25 about 3 years ago


I have issues with UTF-8 support, syslog messages with RFC 5424 must contain the (BOM) prefix:
"If a syslog application encodes MSG in UTF-8, the string MUST start
with the Unicode byte order mask (BOM), which for UTF-8 is ABNF
%xEF.BB.BF. The syslog application MUST encode in the "shortest
form" and MAY use any valid UTF-8 sequence."

E.g. the German letter won't be supported, because the message data will be decoded to ASCII and not to UTF-8; exploring a Wireshark packet sent with this plugin's output stream will result in a message that does not have the (BOM) prefix.

Thank you,

githubkatten over 3 years ago

Hi all!
Has anyone tried this on Graylog 2.4.3?
BR Andreas

vsegdacocacola over 3 years ago

Awesome plugin!
It would be great to replace deviceVendor/deviceProduct with the ones present in the actual message (if any).

huksley over 4 years ago

Hi @951tinman, implemented in the latest version. Check it out on GitHub!

951tinman about 5 years ago

It would be awesome if this could have an encrypted TCP (TLS) connection parameter set for the TCP choice. (Graylog 2.1.1)

madchap over 5 years ago


I can see the output show up in the dropdown box, but there is no box to configure it when you want to launch it, except for the name and prefix. Nothing about protocol, host, port or format.

I am running Graylog 1.3.4.

