diff options
Diffstat (limited to 'logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf')
| -rw-r--r-- | logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf b/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf new file mode 100644 index 00000000..2dbd416e --- /dev/null +++ b/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf @@ -0,0 +1,145 @@ +[syslog tail] + ## Example: Log collector that will tail the syslog file and count + ## occurences of certain keywords, using POSIX regular expressions. + + ## Required settings + enabled = no + log type = flb_tail + + ## Optional settings, common to all log source. + ## Uncomment to override global equivalents in netdata.conf. + # update every = 1 + # update timeout = 10 + # use log timestamp = auto + # circular buffer max size MiB = 64 + # circular buffer drop logs if full = no + # compression acceleration = 1 + # db mode = none + # circular buffer flush to db = 6 + # disk space limit MiB = 500 + + ## This section supports auto-detection of log file path if section name + ## is left unchanged, otherwise it can be set manually, e.g.: + ## log path = /var/log/syslog + ## log path = /var/log/messages + ## See README for more information on 'log path = auto' option + log path = auto + + ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage. + use inotify = yes + + ## Submit structured log entries to the system journal + # submit logs to system journal = no + + ## Charts to enable + # collected logs total chart enable = no + # collected logs rate chart enable = yes + + ## Examples of extracting custom metrics from syslog: + # custom 1 chart = identifier + # custom 1 regex name = kernel + # custom 1 regex = .*\bkernel\b.* + # custom 1 ignore case = no + + # custom 2 chart = identifier + # custom 2 regex name = systemd + # custom 2 regex = .*\bsystemd\b.* + # custom 2 ignore case = no + + # custom 3 chart = identifier + # custom 3 regex name = CRON + # custom 3 regex = .*\bCRON\b.* + # custom 3 ignore case = no + + # custom 3 chart = identifier + # custom 3 regex name = netdata + # custom 3 regex = .*\netdata\b.* + # custom 3 ignore case = no + +[syslog Unix socket] + ## Example: Log collector that will listen for RFC-3164 syslog on a UNIX + ## socket that will be created on /tmp/netdata-syslog.sock . + + ## Required settings + enabled = no + log type = flb_syslog + + ## Optional settings, common to all log source. + ## Uncomment to override global equivalents in netdata.conf. + # update every = 1 + # update timeout = 10 + # use log timestamp = auto + # circular buffer max size MiB = 64 + # circular buffer drop logs if full = no + # compression acceleration = 1 + # db mode = none + # circular buffer flush to db = 6 + # disk space limit MiB = 500 + + ## Netdata will create this socket if mode == unix_tcp or mode == unix_udp, + ## please ensure the right permissions exist for this path + log path = /tmp/netdata-syslog.sock + + ## Ruby Regular Expression to define expected syslog format + ## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined + ## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression + log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/ + + ## Set up configuration specific to flb_syslog + ## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters + ## Modes supported are: unix_tcp, unix_udp, tcp, udp + mode = unix_udp + # listen = 0.0.0.0 + # port = 5140 + unix_perm = 0666 + + ## Charts to enable + # collected logs total chart enable = no + # collected logs rate chart enable = yes + priority value chart = yes + severity chart = yes + facility chart = yes + +[syslog TCP socket] + ## Example: Log collector that will listen for RFC-3164 syslog, + ## incoming via TCP on localhost IP and port 5140. + + ## Required settings + enabled = no + log type = flb_syslog + + ## Optional settings, common to all log source. + ## Uncomment to override global equivalents in netdata.conf. + # update every = 1 + # update timeout = 10 + # use log timestamp = auto + # circular buffer max size MiB = 64 + # circular buffer drop logs if full = no + # compression acceleration = 1 + # db mode = none + # circular buffer flush to db = 6 + # disk space limit MiB = 500 + + ## Netdata will create this socket if mode == unix_tcp or mode == unix_udp, + ## please ensure the right permissions exist for this path + # log path = /tmp/netdata-syslog.sock + + ## Ruby Regular Expression to define expected syslog format + ## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined + ## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression + log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/ + + ## Set up configuration specific to flb_syslog + ## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters + ## Modes supported are: unix_tcp, unix_udp, tcp, udp + mode = tcp + listen = 0.0.0.0 + port = 5140 + # unix_perm = 0666 + + ## Charts to enable + # collected logs total chart enable = no + # collected logs rate chart enable = yes + priority value chart = yes + severity chart = yes + facility chart = yes |