summaryrefslogtreecommitdiffstats
path: root/logsmanagement/stock_conf/logsmanagement.d/default.conf
diff options
context:
space:
mode:
Diffstat (limited to 'logsmanagement/stock_conf/logsmanagement.d/default.conf')
-rw-r--r--logsmanagement/stock_conf/logsmanagement.d/default.conf455
1 files changed, 455 insertions, 0 deletions
diff --git a/logsmanagement/stock_conf/logsmanagement.d/default.conf b/logsmanagement/stock_conf/logsmanagement.d/default.conf
new file mode 100644
index 00000000..80ea790c
--- /dev/null
+++ b/logsmanagement/stock_conf/logsmanagement.d/default.conf
@@ -0,0 +1,455 @@
+# ------------------------------------------------------------------------------
+# Netdata Logs Management default configuration
+# See full explanation on https://github.com/netdata/netdata/blob/master/logsmanagement/README.md
+#
+# To add a new log source, a new section must be added in this
+# file with at least the following settings:
+#
+# [LOG SOURCE NAME]
+# enabled = yes
+# log type = flb_tail
+#
+# For a list of all available log types, see:
+# https://github.com/netdata/netdata/blob/master/logsmanagement/README.md#types-of-available-collectors
+#
+# ------------------------------------------------------------------------------
+
+[kmsg Logs]
+ ## Example: Log collector that will collect new kernel ring buffer logs
+
+ ## Required settings
+ enabled = yes
+ log type = flb_kmsg
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ use log timestamp = no
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Drop kernel logs with priority higher than prio_level.
+ # prio level = 8
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ severity chart = yes
+ subsystem chart = yes
+ device chart = yes
+
+ ## Example of capturing specific kmsg events:
+ # custom 1 chart = USB connect/disconnect
+ # custom 1 regex name = connect
+ # custom 1 regex = .*\bNew USB device found\b.*
+
+ # custom 2 chart = USB connect/disconnect
+ # custom 2 regex name = disconnect
+ # custom 2 regex = .*\bUSB disconnect\b.*
+
+[Systemd Logs]
+ ## Example: Log collector that will query journald to collect system logs
+
+ ## Required settings
+ enabled = yes
+ log type = flb_systemd
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Use default path to Systemd Journal
+ log path = auto
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes
+
+[Docker Events Logs]
+ ## Example: Log collector that will monitor the Docker daemon socket and
+ ## collect Docker event logs in a default format similar to executing
+ ## the `sudo docker events` command.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_docker_events
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Use default Docker socket UNIX path: /var/run/docker.sock
+ log path = auto
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ event type chart = yes
+ event action chart = yes
+
+ ## Example of how to capture create / attach / die events for a named container:
+ # custom 1 chart = serverA events
+ # custom 1 regex name = container create
+ # custom 1 regex = .*\bcontainer create\b.*\bname=serverA\b.*
+
+ # custom 2 chart = serverA events
+ # custom 2 regex name = container attach
+ # custom 2 regex = .*\bcontainer attach\b.*\bname=serverA\b.*
+
+ # custom 3 chart = serverA events
+ # custom 3 regex name = container die
+ # custom 3 regex = .*\bcontainer die\b.*\bname=serverA\b.*
+
+ ## Stream to https://cloud.openobserve.ai/
+ # output 1 name = http
+ # output 1 URI = YOUR_API_URI
+ # output 1 Host = api.openobserve.ai
+ # output 1 Port = 443
+ # output 1 tls = On
+ # output 1 Format = json
+ # output 1 Json_date_key = _timestamp
+ # output 1 Json_date_format = iso8601
+ # output 1 HTTP_User = test@netdata.cloud
+ # output 1 HTTP_Passwd = YOUR_OPENOBSERVE_PASSWORD
+ # output 1 compress = gzip
+
+ ## Real-time export to /tmp/docker_event_logs.csv
+ # output 2 name = file
+ # output 2 Path = /tmp
+ # output 2 File = docker_event_logs.csv
+
+[Apache access.log]
+ ## Example: Log collector that will tail Apache's access.log file and
+ ## parse each new record to extract common web server metrics.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_web_log
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/apache2/access.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Auto-detect web log format, otherwise it can be set manually, e.g.:
+ ## log format = %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
+ ## see https://httpd.apache.org/docs/2.4/logs.html#accesslog
+ log format = auto
+
+ ## Detect errors such as illegal port numbers or response codes.
+ verify parsed logs = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ vhosts chart = yes
+ ports chart = yes
+ IP versions chart = yes
+ unique client IPs - current poll chart = yes
+ unique client IPs - all-time chart = no
+ http request methods chart = yes
+ http protocol versions chart = yes
+ bandwidth chart = yes
+ timings chart = yes
+ response code families chart = yes
+ response codes chart = yes
+ response code types chart = yes
+ SSL protocols chart = yes
+ SSL chipher suites chart = yes
+
+[Nginx access.log]
+ ## Example: Log collector that will tail Nginx's access.log file and
+ ## parse each new record to extract common web server metrics.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_web_log
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/nginx/access.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## see https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#setting-up-the-access-log
+ log format = $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent $request_length $request_time "$http_referer" "$http_user_agent"
+
+ ## Detect errors such as illegal port numbers or response codes.
+ verify parsed logs = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ vhosts chart = yes
+ ports chart = yes
+ IP versions chart = yes
+ unique client IPs - current poll chart = yes
+ unique client IPs - all-time chart = no
+ http request methods chart = yes
+ http protocol versions chart = yes
+ bandwidth chart = yes
+ timings chart = yes
+ response code families chart = yes
+ response codes chart = yes
+ response code types chart = yes
+ SSL protocols chart = yes
+ SSL chipher suites chart = yes
+
+[Netdata daemon.log]
+ ## Example: Log collector that will tail Netdata's daemon.log and
+ ## it will generate log level charts based on custom regular expressions.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /tmp/netdata/var/log/netdata/daemon.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from Netdata's daemon.log:
+
+ ## log level chart
+ custom 1 chart = log level
+ custom 1 regex name = emergency
+ custom 1 regex = level=emergency
+ custom 1 ignore case = no
+
+ custom 2 chart = log level
+ custom 2 regex name = alert
+ custom 2 regex = level=alert
+ custom 2 ignore case = no
+
+ custom 3 chart = log level
+ custom 3 regex name = critical
+ custom 3 regex = level=critical
+ custom 3 ignore case = no
+
+ custom 4 chart = log level
+ custom 4 regex name = error
+ custom 4 regex = level=error
+ custom 4 ignore case = no
+
+ custom 5 chart = log level
+ custom 5 regex name = warning
+ custom 5 regex = level=warning
+ custom 5 ignore case = no
+
+ custom 6 chart = log level
+ custom 6 regex name = notice
+ custom 6 regex = level=notice
+ custom 6 ignore case = no
+
+ custom 7 chart = log level
+ custom 7 regex name = info
+ custom 7 regex = level=info
+ custom 7 ignore case = no
+
+ custom 8 chart = log level
+ custom 8 regex name = debug
+ custom 8 regex = level=debug
+ custom 8 ignore case = no
+
+[Netdata fluentbit.log]
+ ## Example: Log collector that will tail Netdata's
+ ## embedded Fluent Bit's logs
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /tmp/netdata/var/log/netdata/fluentbit.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from fluentbit.log:
+
+ ## log level chart
+ custom 1 chart = log level
+ custom 1 regex name = error
+ custom 1 regex = \[error\]
+ custom 1 ignore case = no
+
+ custom 2 chart = log level
+ custom 2 regex name = warning
+ custom 2 regex = \[warning\]
+ custom 2 ignore case = no
+
+ custom 3 chart = log level
+ custom 3 regex name = info
+ custom 3 regex = \[ info\]
+ custom 3 ignore case = no
+
+ custom 4 chart = log level
+ custom 4 regex name = debug
+ custom 4 regex = \[debug\]
+ custom 4 ignore case = no
+
+ custom 5 chart = log level
+ custom 5 regex name = trace
+ custom 5 regex = \[trace\]
+ custom 5 ignore case = no
+
+[auth.log tail]
+ ## Example: Log collector that will tail auth.log file and count
+ ## occurences of certain `sudo` commands, using POSIX regular expressions.
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/auth.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from auth.log:
+ # custom 1 chart = failed su
+ # # custom 1 regex name =
+ # custom 1 regex = .*\bsu\b.*\bFAILED SU\b.*
+ # custom 1 ignore case = no
+
+ # custom 2 chart = sudo commands
+ # custom 2 regex name = sudo su
+ # custom 2 regex = .*\bsudo\b.*\bCOMMAND=/usr/bin/su\b.*
+ # custom 2 ignore case = yes
+
+ # custom 3 chart = sudo commands
+ # custom 3 regex name = sudo docker run
+ # custom 3 regex = .*\bsudo\b.*\bCOMMAND=/usr/bin/docker run\b.*
+ # custom 3 ignore case = yes
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-24 08:15:42 +0000