Diffstat (limited to '')
6 files changed, 798 insertions, 0 deletions
diff --git a/logsmanagement/stock_conf/logsmanagement.d.conf b/logsmanagement/stock_conf/logsmanagement.d.conf
new file mode 100644
index 00000000..1089aee1
--- /dev/null
+++ b/logsmanagement/stock_conf/logsmanagement.d.conf
@@ -0,0 +1,33 @@
+[global]
+ update every = 1
+ update timeout = 10
+ use log timestamp = auto
+ circular buffer max size MiB = 64
+ circular buffer drop logs if full = no
+ compression acceleration = 1
+ collected logs total chart enable = no
+ collected logs rate chart enable = yes
+ submit logs to system journal = no
+ systemd journal fields prefix = LOGS_MANAG_
+
+[db]
+ db mode = none
+ # db dir = change to use non-default path
+ circular buffer flush to db = 6
+ disk space limit MiB = 500
+
+[forward input]
+ enabled = no
+ unix path =
+ unix perm = 0644
+ listen = 0.0.0.0
+ port = 24224
+
+[fluent bit]
+ flush = 0.1
+ http listen = 0.0.0.0
+ http port = 2020
+ http server = false
+ # log file = change to use non-default path
+ log level = info
+ coro stack size = 24576
diff --git a/logsmanagement/stock_conf/logsmanagement.d/default.conf b/logsmanagement/stock_conf/logsmanagement.d/default.conf
new file mode 100644
index 00000000..80ea790c
--- /dev/null
+++ b/logsmanagement/stock_conf/logsmanagement.d/default.conf
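Review bot: The stock `[forward input]` and `[fluent bit]` sections default their listeners to every interface (`listen = 0.0.0.0`, `http listen = 0.0.0.0`), so an operator who only flips `enabled = yes` or `http server = true` opens port 24224 or 2020 on every network the host is attached to. Nothing in this file configures authentication or TLS for either listener, so I would ship `listen = 127.0.0.1` and `http listen = 127.0.0.1` and add a comment such as `## Binds to localhost only; set a specific interface address to accept remote senders`. The same all-interfaces value appears in the commented `# listen = 0.0.0.0` of example_mqtt.conf and in the active `listen = 0.0.0.0` of `[syslog TCP socket]` in example_syslog.conf, whose own description says it listens "on localhost IP".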
@@ -0,0 +1,455 @@
+# ------------------------------------------------------------------------------
+# Netdata Logs Management default configuration
+# See full explanation on https://github.com/netdata/netdata/blob/master/logsmanagement/README.md
+#
+# To add a new log source, a new section must be added in this
+# file with at least the following settings:
+#
+# [LOG SOURCE NAME]
+# enabled = yes
+# log type = flb_tail
+#
+# For a list of all available log types, see:
+# https://github.com/netdata/netdata/blob/master/logsmanagement/README.md#types-of-available-collectors
+#
+# ------------------------------------------------------------------------------
+
+[kmsg Logs]
+ ## Example: Log collector that will collect new kernel ring buffer logs
+
+ ## Required settings
+ enabled = yes
+ log type = flb_kmsg
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ use log timestamp = no
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Drop kernel logs with priority higher than prio_level.
+ # prio level = 8
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ severity chart = yes
+ subsystem chart = yes
+ device chart = yes
+
+ ## Example of capturing specific kmsg events:
+ # custom 1 chart = USB connect/disconnect
+ # custom 1 regex name = connect
+ # custom 1 regex = .*\bNew USB device found\b.*
+
+ # custom 2 chart = USB connect/disconnect
+ # custom 2 regex name = disconnect
+ # custom 2 regex = .*\bUSB disconnect\b.*
+
+[Systemd Logs]
+ ## Example: Log collector that will query journald to collect system logs
+
+ ## Required settings
+ enabled = yes
+ log type = flb_systemd
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Use default path to Systemd Journal
+ log path = auto
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes
+
+[Docker Events Logs]
+ ## Example: Log collector that will monitor the Docker daemon socket and
+ ## collect Docker event logs in a default format similar to executing
+ ## the `sudo docker events` command.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_docker_events
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Use default Docker socket UNIX path: /var/run/docker.sock
+ log path = auto
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ event type chart = yes
+ event action chart = yes
+
+ ## Example of how to capture create / attach / die events for a named container:
+ # custom 1 chart = serverA events
+ # custom 1 regex name = container create
+ # custom 1 regex = .*\bcontainer create\b.*\bname=serverA\b.*
+
+ # custom 2 chart = serverA events
+ # custom 2 regex name = container attach
+ # custom 2 regex = .*\bcontainer attach\b.*\bname=serverA\b.*
+
+ # custom 3 chart = serverA events
+ # custom 3 regex name = container die
+ # custom 3 regex = .*\bcontainer die\b.*\bname=serverA\b.*
+
+ ## Stream to https://cloud.openobserve.ai/
+ # output 1 name = http
+ # output 1 URI = YOUR_API_URI
+ # output 1 Host = api.openobserve.ai
+ # output 1 Port = 443
+ # output 1 tls = On
+ # output 1 Format = json
+ # output 1 Json_date_key = _timestamp
+ # output 1 Json_date_format = iso8601
+ # output 1 HTTP_User = test@netdata.cloud
+ # output 1 HTTP_Passwd = YOUR_OPENOBSERVE_PASSWORD
+ # output 1 compress = gzip
+
+ ## Real-time export to /tmp/docker_event_logs.csv
+ # output 2 name = file
+ # output 2 Path = /tmp
+ # output 2 File = docker_event_logs.csv
+
+[Apache access.log]
+ ## Example: Log collector that will tail Apache's access.log file and
+ ## parse each new record to extract common web server metrics.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_web_log
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/apache2/access.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Auto-detect web log format, otherwise it can be set manually, e.g.:
+ ## log format = %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
+ ## see https://httpd.apache.org/docs/2.4/logs.html#accesslog
+ log format = auto
+
+ ## Detect errors such as illegal port numbers or response codes.
+ verify parsed logs = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ vhosts chart = yes
+ ports chart = yes
+ IP versions chart = yes
+ unique client IPs - current poll chart = yes
+ unique client IPs - all-time chart = no
+ http request methods chart = yes
+ http protocol versions chart = yes
+ bandwidth chart = yes
+ timings chart = yes
+ response code families chart = yes
+ response codes chart = yes
+ response code types chart = yes
+ SSL protocols chart = yes
+ SSL chipher suites chart = yes
+
+[Nginx access.log]
+ ## Example: Log collector that will tail Nginx's access.log file and
+ ## parse each new record to extract common web server metrics.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_web_log
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/nginx/access.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## see https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#setting-up-the-access-log
+ log format = $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent $request_length $request_time "$http_referer" "$http_user_agent"
+
+ ## Detect errors such as illegal port numbers or response codes.
+ verify parsed logs = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ vhosts chart = yes
+ ports chart = yes
+ IP versions chart = yes
+ unique client IPs - current poll chart = yes
+ unique client IPs - all-time chart = no
+ http request methods chart = yes
+ http protocol versions chart = yes
+ bandwidth chart = yes
+ timings chart = yes
+ response code families chart = yes
+ response codes chart = yes
+ response code types chart = yes
+ SSL protocols chart = yes
+ SSL chipher suites chart = yes
+
+[Netdata daemon.log]
+ ## Example: Log collector that will tail Netdata's daemon.log and
+ ## it will generate log level charts based on custom regular expressions.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /tmp/netdata/var/log/netdata/daemon.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from Netdata's daemon.log:
+
+ ## log level chart
+ custom 1 chart = log level
+ custom 1 regex name = emergency
+ custom 1 regex = level=emergency
+ custom 1 ignore case = no
+
+ custom 2 chart = log level
+ custom 2 regex name = alert
+ custom 2 regex = level=alert
+ custom 2 ignore case = no
+
+ custom 3 chart = log level
+ custom 3 regex name = critical
+ custom 3 regex = level=critical
+ custom 3 ignore case = no
+
+ custom 4 chart = log level
+ custom 4 regex name = error
+ custom 4 regex = level=error
+ custom 4 ignore case = no
+
+ custom 5 chart = log level
+ custom 5 regex name = warning
+ custom 5 regex = level=warning
+ custom 5 ignore case = no
+
+ custom 6 chart = log level
+ custom 6 regex name = notice
+ custom 6 regex = level=notice
+ custom 6 ignore case = no
+
+ custom 7 chart = log level
+ custom 7 regex name = info
+ custom 7 regex = level=info
+ custom 7 ignore case = no
+
+ custom 8 chart = log level
+ custom 8 regex name = debug
+ custom 8 regex = level=debug
+ custom 8 ignore case = no
+
+[Netdata fluentbit.log]
+ ## Example: Log collector that will tail Netdata's
+ ## embedded Fluent Bit's logs
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /tmp/netdata/var/log/netdata/fluentbit.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from fluentbit.log:
+
+ ## log level chart
+ custom 1 chart = log level
+ custom 1 regex name = error
+ custom 1 regex = \[error\]
+ custom 1 ignore case = no
+
+ custom 2 chart = log level
+ custom 2 regex name = warning
+ custom 2 regex = \[warning\]
+ custom 2 ignore case = no
+
+ custom 3 chart = log level
+ custom 3 regex name = info
+ custom 3 regex = \[ info\]
+ custom 3 ignore case = no
+
+ custom 4 chart = log level
+ custom 4 regex name = debug
+ custom 4 regex = \[debug\]
+ custom 4 ignore case = no
+
+ custom 5 chart = log level
+ custom 5 regex name = trace
+ custom 5 regex = \[trace\]
+ custom 5 ignore case = no
+
+[auth.log tail]
+ ## Example: Log collector that will tail auth.log file and count
+ ## occurences of certain `sudo` commands, using POSIX regular expressions.
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/auth.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from auth.log:
+ # custom 1 chart = failed su
+ # # custom 1 regex name =
+ # custom 1 regex = .*\bsu\b.*\bFAILED SU\b.*
+ # custom 1 ignore case = no
+
+ # custom 2 chart = sudo commands
+ # custom 2 regex name = sudo su
+ # custom 2 regex = .*\bsudo\b.*\bCOMMAND=/usr/bin/su\b.*
+ # custom 2 ignore case = yes
+
+ # custom 3 chart = sudo commands
+ # custom 3 regex name = sudo docker run
+ # custom 3 regex = .*\bsudo\b.*\bCOMMAND=/usr/bin/docker run\b.*
+ # custom 3 ignore case = yes
diff --git a/logsmanagement/stock_conf/logsmanagement.d/example_forward.conf b/logsmanagement/stock_conf/logsmanagement.d/example_forward.conf
new file mode 100644
index 00000000..87921d25
--- /dev/null
+++ b/logsmanagement/stock_conf/logsmanagement.d/example_forward.conf
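Review bot: The commented OpenObserve output in `[Docker Events Logs]` places `HTTP_Passwd` directly in this file, and nothing next to it tells the operator that uncommenting it turns the collector configuration into a credential store. I would add a comment above the block, for example `## NOTE: stores a credential in plain text; keep this file readable only by the netdata user`, and replace the real-looking `test@netdata.cloud` with a placeholder such as `YOUR_OPENOBSERVE_USER`. The second example exports to `/tmp/docker_event_logs.csv`, a fixed file name in a world-writable directory; a directory owned by the agent would be a safer path to show. Separately, `SSL chipher suites chart` in both web-log sections looks like a misspelling of "cipher"; whether the parser expects that exact key is not visible in this diff.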
@@ -0,0 +1,96 @@
+[Forward systemd]
+ ## Example: Log collector that will collect streamed Systemd logs
+ ## only for parsing, according to global "forward in" configuration
+ ## found in logsmanagement.d.conf .
+
+ ## Required settings
+ enabled = no
+ log type = flb_systemd
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Streaming input settings.
+ log source = forward
+ stream guid = 6ce266f5-2704-444d-a301-2423b9d30735
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes
+
+[Forward Docker Events]
+ ## Example: Log collector that will collect streamed Docker Events logs
+ ## only for parsing, according to global "forward in" configuration
+ ## found in logsmanagement.d.conf .
+
+ ## Required settings
+ enabled = no
+ log type = flb_docker_events
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Streaming input settings.
+ log source = forward
+ stream guid = 6ce266f5-2704-444d-a301-2423b9d30736
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ event type chart = yes
+
+[Forward collection]
+ ## Example: Log collector that will collect streamed logs of any type
+ ## according to global "forward in" configuration found in
+ ## logsmanagement.d.conf and will also save them in the logs database.
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ db mode = full
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Streaming input settings.
+ log source = forward
+ stream guid = 6ce266f5-2704-444d-a301-2423b9d30737
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
diff --git a/logsmanagement/stock_conf/logsmanagement.d/example_mqtt.conf b/logsmanagement/stock_conf/logsmanagement.d/example_mqtt.conf
new file mode 100644
index 00000000..2481795d
--- /dev/null
+++ b/logsmanagement/stock_conf/logsmanagement.d/example_mqtt.conf
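Review bot: All three example sections point the reader at the global "forward in" configuration, but the section this commit adds to logsmanagement.d.conf is named `[forward input]`; the comments should use that name so the operator can find the listener settings. The `stream guid` lines also deserve a comment saying what the value is for, since these GUIDs ship in a public stock file and so cannot act as a secret; presumably any sender that can reach the forward listener may use them, which is worth confirming against the collector code. Suggested wording: `## Matches an incoming stream to this section; a routing key, not authentication`.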
@@ -0,0 +1,31 @@
+[MQTT messages]
+ ## Example: Log collector that will create a server to listen for MQTT logs over a TCP connection.
+
+ ## Required settings
+ enabled = no
+ log type = flb_mqtt
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Set up configuration specific to flb_mqtt
+ ## see also https://docs.fluentbit.io/manual/pipeline/inputs/mqtt
+ # listen = 0.0.0.0
+ # port = 1883
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ topic chart = yes
diff --git a/logsmanagement/stock_conf/logsmanagement.d/example_serial.conf b/logsmanagement/stock_conf/logsmanagement.d/example_serial.conf
new file mode 100644
index 00000000..7b0bb0bc
--- /dev/null
+++ b/logsmanagement/stock_conf/logsmanagement.d/example_serial.conf
@@ -0,0 +1,38 @@
+[Serial logs]
+ ## Example: Log collector that will collect logs from a serial interface.
+
+ ## Required settings
+ enabled = no
+ log type = flb_serial
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Set up configuration specific to flb_serial
+ log path = /dev/pts/4
+ bitrate = 115200
+ min bytes = 1
+ # separator = X
+ # format = json
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Example of extracting custom metrics from serial interface messages:
+ # custom 1 chart = UART0
+ # # custom 1 regex name = test
+ # custom 1 regex = .*\bUART0\b.*
+ # # custom 1 ignore case = no
diff --git a/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf b/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf
new file mode 100644
index 00000000..2dbd416e
--- /dev/null
+++ b/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf
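Review bot: `log path = /dev/pts/4` in `[Serial logs]` is an active setting that names a pseudo-terminal slot rather than a serial device. Pty numbers are allocated dynamically, so on a host where the operator only switches this section to `enabled = yes` the path may be some unrelated user's terminal session. I would show a serial device placeholder instead, e.g. `log path = /dev/ttyS0` with the comment `## Change to the serial device to read from`, or ship the line commented out like `separator` and `format`.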
@@ -0,0 +1,145 @@
+[syslog tail]
+ ## Example: Log collector that will tail the syslog file and count
+ ## occurences of certain keywords, using POSIX regular expressions.
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/syslog
+ ## log path = /var/log/messages
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from syslog:
+ # custom 1 chart = identifier
+ # custom 1 regex name = kernel
+ # custom 1 regex = .*\bkernel\b.*
+ # custom 1 ignore case = no
+
+ # custom 2 chart = identifier
+ # custom 2 regex name = systemd
+ # custom 2 regex = .*\bsystemd\b.*
+ # custom 2 ignore case = no
+
+ # custom 3 chart = identifier
+ # custom 3 regex name = CRON
+ # custom 3 regex = .*\bCRON\b.*
+ # custom 3 ignore case = no
+
+ # custom 3 chart = identifier
+ # custom 3 regex name = netdata
+ # custom 3 regex = .*\netdata\b.*
+ # custom 3 ignore case = no
+
+[syslog Unix socket]
+ ## Example: Log collector that will listen for RFC-3164 syslog on a UNIX
+ ## socket that will be created on /tmp/netdata-syslog.sock .
+
+ ## Required settings
+ enabled = no
+ log type = flb_syslog
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Netdata will create this socket if mode == unix_tcp or mode == unix_udp,
+ ## please ensure the right permissions exist for this path
+ log path = /tmp/netdata-syslog.sock
+
+ ## Ruby Regular Expression to define expected syslog format
+ ## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined
+ ## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
+ log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/
+
+ ## Set up configuration specific to flb_syslog
+ ## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters
+ ## Modes supported are: unix_tcp, unix_udp, tcp, udp
+ mode = unix_udp
+ # listen = 0.0.0.0
+ # port = 5140
+ unix_perm = 0666
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes
+
+[syslog TCP socket]
+ ## Example: Log collector that will listen for RFC-3164 syslog,
+ ## incoming via TCP on localhost IP and port 5140.
+
+ ## Required settings
+ enabled = no
+ log type = flb_syslog
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Netdata will create this socket if mode == unix_tcp or mode == unix_udp,
+ ## please ensure the right permissions exist for this path
+ # log path = /tmp/netdata-syslog.sock
+
+ ## Ruby Regular Expression to define expected syslog format
+ ## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined
+ ## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
+ log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/
+
+ ## Set up configuration specific to flb_syslog
+ ## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters
+ ## Modes supported are: unix_tcp, unix_udp, tcp, udp
+ mode = tcp
+ listen = 0.0.0.0
+ port = 5140
+ # unix_perm = 0666
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes |
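Review bot: The `[syslog Unix socket]` example creates its socket at `/tmp/netdata-syslog.sock` with `unix_perm = 0666`, which lets every local account write syslog records into the collector, and a fixed name in world-writable `/tmp` can be occupied by another user before the agent starts. I would point the example at a directory owned by the agent (placeholder: `log path = <NETDATA_RUN_DIR>/netdata-syslog.sock`) and use `unix_perm = 0660` with a comment naming the group that needs write access. The key is spelled `unix_perm` here but `unix perm` in `[forward input]` of logsmanagement.d.conf; one spelling should be used if the same code reads both. In `[syslog tail]`, the fourth commented example repeats `custom 3` and its regex `.*\netdata\b.*` has lost the `b` of the leading `\b`.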