feat(new sink): add dedicated syslog sink for RFC 5424/3164 output

[tot19]

Summary

Adds a new syslog sink that sends log events in syslog format (RFC 5424 or RFC 3164) over TCP, UDP, or Unix sockets.

This wraps the existing socket transport utilities (TcpSinkConfig, UdpSinkConfig, UnixSinkConfig) with the syslog codec from #23777 hardcoded as the serializer. Syslog-specific options (rfc, facility, severity, app_name, proc_id, msg_id) are exposed at the top level for a first-class configuration experience — no need to manually wire encoding.codec = "syslog" through the socket sink.

Thanks to @vparfonov, @polarathene, and @syedriko for the syslog encoder work in #23777 that made this possible.

Vector configuration

TCP (RFC 5424):

[sinks.my_syslog]
type = "syslog"
inputs = ["my_source"]
mode = "tcp"
address = "syslog.example.com:514"
syslog.rfc = "rfc5424"
syslog.app_name = ".app_name"
syslog.facility = ".facility"
syslog.severity = ".severity"

UDP (RFC 3164):

[sinks.my_syslog]
type = "syslog"
inputs = ["my_source"]
mode = "udp"
address = "syslog.example.com:514"
syslog.rfc = "rfc3164"

Unix socket:

[sinks.my_syslog]
type = "syslog"
inputs = ["my_source"]
mode = "unix_stream"
path = "/dev/log"

TCP with TLS (RFC 5425):

[sinks.my_syslog]
type = "syslog"
inputs = ["my_source"]
mode = "tcp"
address = "syslog.example.com:6514"
tls.enabled = true
tls.ca_file = "/path/to/ca.pem"

How did you test this PR?

Unit tests — 8 tests covering all transport modes and both RFC formats:

• generate_config — config round-trip through TOML
• component_spec_compliance — deserialize generated config, build sink, validate instrumentation events
• tcp_syslog_rfc5424 — TCP delivery with RFC 5424 version marker assertion
• tcp_syslog_rfc3164 — RFC 3164 format parsed from TOML, negative assertion on version field
• tcp_syslog_custom_fields — custom syslog.app_name field path wired through to output
• tcp_multiple_events — 10 events verifying newline-delimited framing correctness
• udp_syslog — UDP delivery with format verification
• unix_stream_syslog — Unix domain socket delivery (#[cfg(unix)])

All tests pass with cargo test --no-default-features --features sinks-syslog -p vector --lib sinks::syslog.

Local end-to-end test — Built Vector with the syslog sink and demo_logs source, then ran it against local TCP and UDP listeners:

• TCP + RFC 5424: demo_logs → syslog sink → TCP listener on 127.0.0.1:9514. Received properly formatted messages:

  <14>1 2026-03-27T04:50:34.803539Z localhost vector - - - Vector syslog sink works
  

• UDP + RFC 3164: demo_logs (JSON format) → syslog sink → UDP listener on 127.0.0.1:9514. Received properly formatted messages:

  <14>Mar 27 04:51:14 localhost vector: {"host":"81.240.50.16",...}
  

Both transports and RFC formats produce correct output end-to-end.

Change Type

• New feature
• Bug fix
• Dependencies
• Non-functional (chore, refactoring, docs)
• Performance

Is this a breaking change?

• Yes
• No

Does this PR include user facing changes?

• Yes. Changelog fragment added.
• No.

References

• Closes: New syslog sink #6863
• Related: feat(codecs): Add syslog encoder #23777 (syslog encoder codec)

Notes

• Encoding hardcoded to syslog. Users who need configurable encoding with field filtering already have the socket sink with encoding.codec = "syslog".
• Newline-delimited TCP framing. Octet-counting framing (RFC 6587) is not yet supported — would require a new OctetCountingEncoder in the codecs crate. Noted as a future option in a code comment.