`syslog` subscriber

Forwards each event as a single compact-JSON syslog message.

Add to the subscribers block in config.yaml:

subscribers:
  syslog:
    enabled: true
    network: "tcp"             # "tcp" or "udp"
    address: "syslog-host:514"
    tag: "nf-data-connector"
    priority: "local0.info"
    buffer_size: 1000

Always serial — TCP syslog preserves order per connection. priority accepts standard facility.severity strings (e.g., local0.info, daemon.warning). For large events, prefer TCP — UDP has a ~2KB message limit.

Available fields and defaults

Field	Default	Description
`network`	`tcp`	`tcp` or `udp`
`address`	—	`host:port` of the syslog receiver
`tag`	`nf-data-connector`	Syslog program tag
`priority`	`local0.info`	`<facility>.<severity>`
`buffer_size`	`1000`	Subscriber channel capacity

:::warning Windows not supported

The syslog subscriber uses log/syslog from the Go standard library, which is unavailable on Windows. Enabling it on Windows returns an error at startup.

:::

See Common tuning for buffer_size semantics.

Available fields and defaults​

Available fields and defaults