axoflow · fekete-robert · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025
diff --git a/config/_default/config.toml b/config/_default/config.toml
@@ -173,6 +173,8 @@ description = "Documentation for AxoSyslog, the scalable security data processor
 name = "AxoSyslog"
 abbrev = "AxoSyslog"
 version = "4.18"
+# techversion includes patch version number, needed for install/image commands
+# configversion is needed in the config file examples
 techversion = "4.18.0"
 configversion = "4.18"
 syslog-ng = "syslog-ng"

diff --git a/content/chapter-configuration-file/configuration-syntax/_index.md b/content/chapter-configuration-file/configuration-syntax/_index.md
@@ -7,7 +7,7 @@ weight:  300
 Every `syslog-ng.conf` configuration file must begin with a line containing version information. For `syslog-ng` version {{% param "product.version" %}}, this line looks like:
 
 ```shell
-   @version: {{% param "product.techversion" %}}
+   @version: {{% param "product.configversion" %}}
 ```
 
 - If the configuration file does not contain the version information, `syslog-ng` assumes that the file is for version 2.x. In this case it interprets the configuration and sends warnings about the parts of the configuration that should be updated. Version 3.0 and later can operate with configuration files of version 2.x, but the default values of certain parameters have changed since 3.0.
@@ -18,7 +18,7 @@ Every `syslog-ng.conf` configuration file must begin with a line containing vers
 The following is a very simple configuration file for `syslog-ng`: it collects the internal messages of `syslog-ng` and the messages from `/dev/log` into the `/var/log/messages_syslog-ng.log` file.
 
 ```shell
-   @version: {{% param "product.techversion" %}}
+   @version: {{% param "product.configversion" %}}
     source s_local {
         unix-dgram("/dev/log"); internal();
     };

diff --git a/content/chapter-configuration-file/large-configs/config-blocks/_index.md b/content/chapter-configuration-file/large-configs/config-blocks/_index.md
@@ -46,7 +46,7 @@ Suppose you are running an application on your hosts that logs into the `/opt/va
 Include this file in your main `syslog-ng.conf` configuration file, reference the block, and use it in a logpath:
 
 ```shell
-   @version: {{% param "product.techversion" %}}
+   @version: {{% param "product.configversion" %}}
     @include "<correct/path>/myblocks.conf"
     source s_myappsource { myappsource(); };
     ...

diff --git a/content/chapter-configuration-file/large-configs/including-config-files/_index.md b/content/chapter-configuration-file/large-configs/including-config-files/_index.md
@@ -29,7 +29,7 @@ When including configuration files, consider the following points:
   - Include statements can only be used at top level of the configuration file. For example, the following is correct:
 
     ```shell
-        @version: {{% param "product.techversion" %}}
+        @version: {{% param "product.configversion" %}}
         @include "example.conf"
 
     ```

diff --git a/content/chapter-destinations/azure-monitor/_index.md b/content/chapter-destinations/azure-monitor/_index.md
@@ -4,6 +4,7 @@ linktitle: "azure-monitor: Azure Monitor and Sentinel"
 weight:  150
 driver: "azure-monitor()"
 short_description: "Send messages to Azure Monitor and Sentinel"
+type: http
 ---
 <!-- This file is under the copyright of Axoflow, and licensed under Apache License 2.0, except for using the Axoflow and AxoSyslog trademarks. -->
 
@@ -30,6 +31,9 @@ For details, see the [Tutorial: Send data to Azure Monitor Logs with Logs ingest
 The `azure-monitor()` driver sends data to the built-in tables of Azure Monitor. The body of the message (`${MESSAGE}`) must be in JSON format. The keys in the JSON array must have the same names as the columns of the table (you can use [`format-json`]({{< relref "/chapter-manipulating-messages/customizing-message-format/reference-template-functions/_index.md#template-function-format-json" >}}) or ['FilterX`]({{< relref "/filterx/_index.md" >}})). If a field is empty, or Azure cannot parse it, it will be blank. The following example sends data to the [syslog table](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/syslog).
 
 ```sh
+@include "scl.conf"
+# ...
+
 destination d_azure {
   azure-monitor(
     stream-name("syslog")

diff --git a/content/chapter-destinations/configuring-destinations-redis/_index.md b/content/chapter-destinations/configuring-destinations-redis/_index.md
@@ -41,7 +41,7 @@ The following destination counts the number of log messages received per host.
 The following example creates a statistic from Apache webserver logs about the browsers that the visitors use (per minute)
 
 ```shell
-   @version: {{% param "product.techversion" %}}
+   @version: {{% param "product.configversion" %}}
 
     source s_apache {
         file("/var/log/apache2/access.log");

diff --git a/content/chapter-destinations/configuring-destinations-riemann/_index.md b/content/chapter-destinations/configuring-destinations-riemann/_index.md
@@ -28,7 +28,7 @@ For the list of available parameters, see {{% xref "/chapter-destinations/config
 The following destination sends the value of the SEQNUM macro (the number of messages sent to this destination) as a metric to the Riemann server.
 
 ```shell
-   @version: {{% param "product.techversion" %}}
+   @version: {{% param "product.configversion" %}}
 
     source s_network {
         network(port(12345));

diff --git a/content/chapter-destinations/configuring-destinations-telegram/_index.md b/content/chapter-destinations/configuring-destinations-telegram/_index.md
@@ -3,38 +3,41 @@ title: "telegram: Send messages to Telegram"
 weight:  7100
 driver: "telegram()"
 short_description: "Send messages to Telegram"
+type: http
 ---
 <!-- DISCLAIMER: This file is based on the syslog-ng Open Source Edition documentation https://github.com/balabit/syslog-ng-ose-guides/commit/2f4a52ee61d1ea9ad27cb4f3168b95408fddfdf2 and is used under the terms of The syslog-ng Open Source Edition Documentation License. The file has been modified by Axoflow. -->
 
 The `telegram()` destination sends log messages to [Telegram](https://core.telegram.org/ "https://core.telegram.org"), which is a secure, cloud-based mobile and desktop messaging app.
 
 Note that this destination automatically uses the certificate store of the system (for details, see the [curl documentation](https://curl.se/docs/sslcerts.html)).
 
-
 ## Declaration:
 
 ```shell
-   telegram(parameters);
-```
+@include "scl.conf"
+# ...
 
+telegram(parameters);
+```
 
 {{% include-headless "chunk/destination-http-proxy-settings.md" %}}
 
-
 ## Example: Using the telegram() driver {#example-destination-mongodb}
 
 The following example creates a `telegram()` destination.
 
 ```shell
-   destination d_telegram {
-        telegram(
-            template("${MESSAGE}")
-            throttle(1)
-            parse-mode("markdown")
-            disable-web-page-preview("true")
-            bot-id("<bot id>")
-            chat-id("<chat id>")
-        );
-    };
+@include "scl.conf"
+# ...
+
+destination d_telegram {
+    telegram(
+        template("${MESSAGE}")
+        throttle(1)
+        parse-mode("markdown")
+        disable-web-page-preview("true")
+        bot-id("<bot id>")
+        chat-id("<chat id>")
+    );
+};
 ```
-
diff --git a/content/chapter-destinations/crowdstrike-falcon/_index.md b/content/chapter-destinations/crowdstrike-falcon/_index.md
@@ -4,6 +4,7 @@ linktitle: "logscale: Send messages to Falcon LogScale"
 weight:  2950
 driver: "logscale()"
 short_description: "Send messages to Falcon LogScale"
+type: http
 ---
 <!-- This file is under the copyright of Axoflow, and licensed under Apache License 2.0, except for using the Axoflow and AxoSyslog trademarks. -->
 
@@ -20,6 +21,9 @@ The `logscale()` destination feeds LogScale via the [Ingest Structured Data API]
 Minimal configuration:
 
 ```sh
+@include "scl.conf"
+# ...
+
 destination d_logscale {
   logscale(
     token("your-logscale-ingest-token")

diff --git a/content/chapter-destinations/destination-discord/_index.md b/content/chapter-destinations/destination-discord/_index.md
@@ -3,54 +3,52 @@ title: "discord: Send alerts and notifications to Discord"
 weight:  500
 driver: "discord()"
 short_description: "Send alerts and notifications to Discord"
+type: http
 ---
 <!-- DISCLAIMER: This file is based on the syslog-ng Open Source Edition documentation https://github.com/balabit/syslog-ng-ose-guides/commit/2f4a52ee61d1ea9ad27cb4f3168b95408fddfdf2 and is used under the terms of The syslog-ng Open Source Edition Documentation License. The file has been modified by Axoflow. -->
 
 The `discord()` destination driver sends messages to [Discord](https://discord.com/) using [Discord Webhook](https://discord.com/developers/resources/webhook). For the list of available optional parameters, see Discord destination options.
 
 Available in {{% param "product.abbrev" %}} version 3.33 and later.
 
-
 ## Declaration:
 
 ```shell
-   destination {
-        discord(url("https://discord.com/api/webhooks/x/y"));
-    };
+@include "scl.conf"
+# ...
+
+destination {
+    discord(url("https://discord.com/api/webhooks/x/y"));
+};
 ```
 
 By default the message sending is throttled to 5 message/sec, see [Discord: Rate Limits](https://discord.com/developers/topics/rate-limits#global-rate-limit). To change this, use the `throttle()` option.
 
 To use this destination, the `scl.conf` file must be included in your {{% param "product.abbrev" %}} configuration:
 
 ```shell
-   @include "scl.conf"
+@include "scl.conf"
 ```
 
 The `discord()` driver is actually a reusable configuration snippet configured to send log messages using the `http()` driver. For details on using or writing such configuration snippets, see Reusing configuration blocks. You can find the source of this configuration snippet on GitHub.
 
-
-
 ## Prerequisites
 
 To send messages to Discord, you must setup webhooks. For details, see: [Discord: Intro to Webhooks](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks).
 
-
-
 ## Example: Using the discord() driver {#example-destination-collectd}
 
 The following example sends messages with custom avatar, and text-to-speech enabled.
 
 ```shell
-   @include "scl.conf"
-    destination d_discord {
-        discord(
-            url("https://discord.com/api/webhooks/x/y")
-            avatar-url("https://example.domain/any_image.png")
-            username("$HOST-bot") # Custom bot name, accepts macros
-            tts(true) # Text-to-Speech message
-            template("${MSG:-[empty message]}") # Message to send, can't be empty
-        );
-    ó}
+@include "scl.conf"
+destination d_discord {
+    discord(
+        url("https://discord.com/api/webhooks/x/y")
+        avatar-url("https://example.domain/any_image.png")
+        username("$HOST-bot") # Custom bot name, accepts macros
+        tts(true) # Text-to-Speech message
+        template("${MSG:-[empty message]}") # Message to send, can't be empty
+    );
+}
 ```
-
diff --git a/content/chapter-destinations/destination-opensearch/_index.md b/content/chapter-destinations/destination-opensearch/_index.md
@@ -3,6 +3,7 @@ title: "opensearch: Send messages to OpenSearch"
 weight:  3650
 driver: "opensearch()"
 short_description: "Send messages to OpenSearch"
+type: http
 ---
 <!-- DISCLAIMER: This file is based on the syslog-ng Open Source Edition documentation https://github.com/balabit/syslog-ng-ose-guides/commit/2f4a52ee61d1ea9ad27cb4f3168b95408fddfdf2 and is used under the terms of The syslog-ng Open Source Edition Documentation License. The file has been modified by Axoflow. -->
 
@@ -12,57 +13,65 @@ The `opensearch()` destination can directly post log messages to [OpenSearch](ht
 
 HTTPS connection, as well as password- and certificate-based authentication is supported. The content of the events is sent in JSON format.
 
-
 ## Declaration:
 
 ```shell
-   d_opensearch {
-        opensearch(
-            index("<opensearch-index-to-store-messages>")
-            url("https://your-opensearch-endpoint:9200/_bulk")
-        );
-    };
+@include "scl.conf"
+# ...
+
+d_opensearch {
+    opensearch(
+        index("<opensearch-index-to-store-messages>")
+        url("https://your-opensearch-endpoint:9200/_bulk")
+    );
+};
 ```
 
 ## Example: Sending log data to OpenSearch {#example-destination-opensearch}
 
 The following example defines an `opensearch()` destination, with only the required options.
 
 ```shell
-   destination opensearch {
-        opensearch(
-            index("<name-of-the-index>")
-            url("http://my-elastic-server:9200/_bulk")
-        );
-    };
-
-
-    log {
-        source(s_file);
-        destination(d_opensearch_http);
-        flags(flow-control);
-    };
+@include "scl.conf"
+# ...
+
+destination opensearch {
+    opensearch(
+        index("<name-of-the-index>")
+        url("http://my-elastic-server:9200/_bulk")
+    );
+};
+
+
+log {
+    source(s_file);
+    destination(d_opensearch_http);
+    flags(flow-control);
+};
 ```
 
 The following example uses mutually-authenticated HTTPS connection, templated index, and also sets some other options.
 
 ```shell
-   destination opensearch_https {
-        opensearch(
-            url("https://node01.example.com:9200/_bulk")
-            index("test-${YEAR}${MONTH}${DAY}")
-            time-zone("UTC")
-            workers(4)
-            batch-lines(16)
-            timeout(10)
-            tls(
-                ca-file("ca.pem")
-                cert-file("syslog_ng.crt.pem")
-                key-file("syslog_ng.key.pem")
-                peer-verify(yes)
-            )
-        );
-    };
+@include "scl.conf"
+# ...
+
+destination opensearch_https {
+    opensearch(
+        url("https://node01.example.com:9200/_bulk")
+        index("test-${YEAR}${MONTH}${DAY}")
+        time-zone("UTC")
+        workers(4)
+        batch-lines(16)
+        timeout(10)
+        tls(
+            ca-file("ca.pem")
+            cert-file("syslog_ng.crt.pem")
+            key-file("syslog_ng.key.pem")
+            peer-verify(yes)
+        )
+    );
+};
 ```
 
 This driver is actually a reusable configuration snippet configured to send log messages using the `http()` driver using a template. For details on using or writing such configuration snippets, see {{% xref "/chapter-configuration-file/large-configs/config-blocks/_index.md" %}}. You can find the source of this configuration snippet on [GitHub](https://github.com/axoflow/axosyslog/tree/master/scl/opensearch).