source: Read, receive, and collect log messages

How sources work

Collect native macOS system logs

default-network-drivers: Receive and parse common syslog messages

internal: Collect internal messages

file: Collect messages from text files

wildcard-file: Collect messages from multiple text files

Hypr Audit Trail and Hypr App Audit Trail

linux-audit: Collect messages from Linux audit logs

kubernetes: Collect and parse the Kubernetes CRI (Container Runtime Interface) format

mbox: Convert local email messages to log messages

mqtt: receiving messages from an MQTT broker

network: Collect messages using the RFC3164 protocol (network() driver)

nodejs: Receive JSON messages from nodejs applications

osquery: Collect and parse osquery result logs

Receive logs, metrics, and traces from OpenTelemetry

pacct: Collect process accounting logs on Linux

Pi-hole Faster Than Light logs

pipe: Collect messages from named pipes

program: Receive messages from external applications

python: writing server-style Python sources

python-fetcher: writing fetcher-style Python sources

qBittorrent logs

snmptrap: Read Net-SNMP traps

sun-streams: Collect messages on Sun Solaris

syslog: Collect messages using the IETF-syslog protocol

syslog-ng-otlp(): Receive logs from another node using OpenTelemetry

system: Collect the system-specific log messages of a platform

systemd-journal: Collect messages from the systemd-journal system log storage

systemd-syslog: Collect systemd messages using a socket

tcp, tcp6, udp, udp6: OBSOLETE - Collect messages from remote hosts using the BSD syslog protocol

unix-stream, unix-dgram: Collect messages from UNIX domain sockets

stdin: Collect messages from the standard input stream