Syslog
The Syslog connector bridges the gap between system log streams and analytical workflows. It allows users to query Syslog-formatted files — such as operating system logs, application events, or network device telemetry — using standard SQL without the need for regex parsing, shell utilities, or specialized log management software.
At its core, the connector treats each Syslog entry as a structured record following the RFC 5424 standard, which defines fields such as timestamp, hostname, app-name, process ID, message ID, and the free-form message body. When you query a Syslog file, the connector automatically extracts and normalizes these elements, reconstructing the precise structure of each event and transforming what’s typically line-based text into data your query engine can reason about.
This connector is designed for both reliability and precision. With just a few lines of configuration, you can open raw system logs for real-time analysis or retrospective auditing. For advanced workflows, such as filtering by severity, correlating events across hosts, or parsing structured data embedded within the message field, you can fine-tune behavior using a rich set of options that control how Metaform interprets, normalizes, and enriches each RFC 5424-compliant record.
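To make the record structure concrete, here is an added Python example (not Metaform's code or configuration) that splits RFC 5424 lines into the fields named above, decodes facility and severity from the PRI value, reads the RFC's STRUCTURED-DATA element, and filters by severity. The names `parse_rfc5424`, `parse_sd`, `at_least` and `SAMPLE` are hypothetical, and the sample lines are constructed.

```python
import re
from datetime import datetime

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
HEADER = ("timestamp", "hostname", "app_name", "procid", "msgid", "sd")
_NAME = r'[^ =\]"]+'                      # SD-ID or PARAM-NAME
_VALUE = r'(?:[^"\\\]]|\\.)*'             # PARAM-VALUE; \" \\ \] are escapes
_ELEM = rf'\[{_NAME}(?: {_NAME}="{_VALUE}")*\]'
_PARAM = re.compile(rf' ({_NAME})="({_VALUE})"')
_LINE = re.compile(
    r'<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) '
    r'(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app_name>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) '
    rf'(?P<sd>-|(?:{_ELEM})+)(?: (?P<message>.*))?$', re.DOTALL)

def parse_sd(sd):
    """Return {sd_id: {param: value}} for a STRUCTURED-DATA field (None -> {})."""
    out = {}
    for elem in re.findall(_ELEM, sd or ""):
        sd_id = re.match(rf'\[({_NAME})', elem).group(1)
        out[sd_id] = {k: re.sub(r'\\(["\\\]])', r'\1', v) for k, v in _PARAM.findall(elem)}
    return out

def parse_rfc5424(line):
    """Parse one RFC 5424 line into a dict, or None if it does not conform."""
    m = _LINE.match(line.rstrip("\n"))
    if m is None or int(m["pri"]) > 191:      # PRI = facility * 8 + severity
        return None                            # e.g. a legacy BSD-syslog line
    rec = m.groupdict()
    for key in HEADER:                         # "-" is the RFC's NILVALUE
        rec[key] = None if rec[key] == "-" else rec[key]
    rec["facility"], rec["severity"] = divmod(int(rec.pop("pri")), 8)
    try:                                       # normalise to an aware datetime
        ts = rec["timestamp"]
        rec["timestamp"] = ts and datetime.fromisoformat(ts.replace("Z", "+00:00"))
    except ValueError:
        return None
    rec["structured_data"] = parse_sd(rec.pop("sd"))
    return rec

SAMPLE = [  # constructed input: two RFC 5424 lines and one legacy-format line
    '<34>1 2024-05-01T12:00:00.003Z web01.example.com sshd 2211 AUTHFAIL - Failed password for invalid user admin',
    '<165>1 2024-05-01T12:00:01+02:00 db01.example.com app - ID47 [meta@32473 user="al\\"ice" src="10.0.0.5"] login ok',
    'May  1 12:00:02 web01 sshd[2211]: legacy BSD-format line',
]

def at_least(lines, level="err"):
    """Keep parsed records whose severity is `level` or more severe."""
    return [r for r in map(parse_rfc5424, lines) if r and r["severity"] <= SEVERITY.index(level)]
```

Lines that do not match the RFC 5424 grammar, such as the legacy-format sample, come back as `None` rather than as a partially filled record, so a caller can count or quarantine them instead of silently dropping events.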