Sinks (HTTP/EventLog/Syslog)
Push logs to external systems. This chapter shows optional sinks you can enable as needed. The sample runs with console + file, and enables Local syslog by default (best on Linux/macOS). Comment out the Local syslog line if it doesn’t apply to your environment.
See the Logging guide for a broader list and options.
Full source
File: pwsh/tutorial/examples/5.5-Sinks-Advanced.ps1
<#
Sample demonstrating advanced sinks: HTTP, EventLog, and Syslog.
Notes:
- HTTP requires a reachable endpoint; left commented by default.
- EventLog typically needs admin rights and source setup; commented.
- Syslog requires a server; configure host/port as needed.
The script still runs standalone using console + file sinks.
FileName: 5.5-Sinks-Advanced.ps1
#>
param(
[int]$Port = 5000,
[IPAddress]$IPAddress = [IPAddress]::Loopback
)
$base = New-KrLogger |
Set-KrLoggerLevel -Value Information |
Add-KrSinkConsole |
Add-KrSinkFile -Path './logs/advanced-sinks.log' -RollingInterval Hour
# Optional: HTTP sink (uncomment and set URL)
# $base = $base | Add-KrSinkHttp -RequestUri 'http://localhost:9000/api/events' -BatchPostingLimit 50
# Optional: EventLog sink (requires admin; source/log must exist or be managed)
# $base = $base | Add-KrSinkEventLog -Source 'Kestrun' -LogName 'Application' -ManageEventSource
# Syslog example (choose one)
# $base = $base | Add-KrSinkSyslogUdp -Hostname '127.0.0.1' -Port 514 -AppName 'KestrunSample'
# $base = $base | Add-KrSinkSyslogTcp -Hostname '127.0.0.1' -Port 514 -AppName 'KestrunSample' -Format RFC3164
# Local syslog (Linux/macOS)
$base = $base | Add-KrSinkSyslogLocal -AppName 'KestrunSample'
$logger = $base | Register-KrLogger -Name 'advanced' -PassThru
New-KrServer -Name "Advanced Sinks"
Add-KrEndpoint -Port $Port -IPAddress $IPAddress
Enable-KrConfiguration
Add-KrMapRoute -Verbs Get -Path "/log" -ScriptBlock {
Write-KrLog -Logger $logger -Level Information -Message "Advanced sinks example"
Write-KrTextResponse -InputObject "ok" -StatusCode 200
}
# Start the server
Start-KrServer
# Clean up and close the logger when the server stops
Close-KrLogger -Logger $logger
Step-by-step
- Build a base logger with Console + File.
- Optionally enable (the sample enables Local syslog by default):
- HTTP sink: set a reachable endpoint.
- EventLog sink: requires admin rights and source/log configuration.
- Syslog sink: UDP/TCP/Local depending on your environment; Local is primarily for Linux/macOS.
- Register as
advanced; standard server + listener + PS runtime. - Apply config:
Enable-KrConfigurationto commit the listener/runtime. - Route
/logemits an Information event.
Try it
Save the sample locally so the log file is easy to find. Copy the contents of pwsh/tutorial/examples/5.5-Sinks-Advanced.ps1 into a new file in an empty working folder (for example, advanced-sinks.ps1), then run:
# From your working folder
pwsh .\advanced-sinks.ps1
curl http://127.0.0.1:5000/log
Get-Content .\logs\advanced-sinks.log -Tail 20
To test advanced sinks:
- HTTP: start a local receiver (e.g., a simple web API) and set
-RequestUri. - EventLog: run elevated and ensure the source/log exists or pass
-ManageEventSourceif supported. - Syslog (UDP/TCP): run a local syslog server and point the hostname/port accordingly.
- Syslog (Local): on Linux/macOS, Local syslog writes to the system log; on Windows, comment out the Local syslog line or use UDP/TCP instead.
Customizing
- Batch/format HTTP payloads using sink options.
- Change Syslog facility/format; change EventLog source/log.
- Enrich with app/environment properties for routing in external systems.
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| HTTP requests fail | Unreachable endpoint | Verify URL; firewall; try a local receiver |
| No EventLog entries | Permissions/source issues | Run elevated; ensure source/log exist |
| Syslog not receiving | Wrong host/port/protocol | Match server settings; try UDP 514 or TCP 1468 |
| Local syslog not writing | Unsupported on OS or service | Use Linux/macOS or switch to UDP/TCP |
| Cannot delete/rename log file | Logger still open / file handle | Run Close-KrLogger; let the process exit |
References
- New-KrLogger
- Set-KrLoggerLevel
- Add-KrSinkFile
- Add-KrSinkConsole
- Add-KrSinkHttp
- Add-KrSinkEventLog
- Add-KrSinkSyslogUdp
- Add-KrSinkSyslogTcp
- Add-KrSinkSyslogLocal
- Register-KrLogger
- Write-KrLog
- Close-KrLogger
- New-KrServer
- Add-KrMapRoute
- Start-KrServer
Previous / Next
Go back to Sinks (Console/File/JSON) or continue to Hot Reload (Update Logger). Guide: Logging (Concepts)