From be1c7e50e1e8809ea56f2c9d472eccd8ffd73a97 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 04:57:58 +0200
Subject: Adding upstream version 1.44.3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 collectors/log2journal/log2journal.d/default.yaml  |  15 ++
 .../log2journal/log2journal.d/nginx-combined.yaml  |  91 ++++++++++++
 .../log2journal/log2journal.d/nginx-json.yaml      | 164 +++++++++++++++++++++
 3 files changed, 270 insertions(+)
 create mode 100644 collectors/log2journal/log2journal.d/default.yaml
 create mode 100644 collectors/log2journal/log2journal.d/nginx-combined.yaml
 create mode 100644 collectors/log2journal/log2journal.d/nginx-json.yaml

(limited to 'collectors/log2journal/log2journal.d')

diff --git a/collectors/log2journal/log2journal.d/default.yaml b/collectors/log2journal/log2journal.d/default.yaml
new file mode 100644
index 00000000..d41efc4a
--- /dev/null
+++ b/collectors/log2journal/log2journal.d/default.yaml
@@ -0,0 +1,15 @@
+pattern: none
+
+filename:
+  key: LOG_FILENAME
+
+inject:
+  - key: MESSAGE
+    value: '${LINE}' # a special variable that resolves to the whole line read from the log
+
+  - key: PRIORITY
+    value: 6           # Valid PRIORITIES: 0=emerg, 1=alert, 2=crit, 3=error, 4=warn, 5=notice, 6=info, 7=debug
+
+  - key: SYSLOG_IDENTIFIER
+    value: log2journal # the name of the application sending the logs
+
diff --git a/collectors/log2journal/log2journal.d/nginx-combined.yaml b/collectors/log2journal/log2journal.d/nginx-combined.yaml
new file mode 100644
index 00000000..003c774d
--- /dev/null
+++ b/collectors/log2journal/log2journal.d/nginx-combined.yaml
@@ -0,0 +1,91 @@
+# Netdata log2journal Configuration
+# The following parses nginx log files using the combined format.
+
+# The PCRE2 pattern to match log entries and give names to the fields.
+# The journal will have these names, so follow their rules. You can
+# initiate an extended PCRE2 pattern by starting the pattern with (?x)
+pattern: |
+  (?x)                                   # Enable PCRE2 extended mode
+  ^
+  (?<NGINX_REMOTE_ADDR>[^ ]+) \s - \s    # NGINX_REMOTE_ADDR
+  (?<NGINX_REMOTE_USER>[^ ]+) \s         # NGINX_REMOTE_USER
+  \[
+    (?<NGINX_TIME_LOCAL>[^\]]+)          # NGINX_TIME_LOCAL
+  \]
+  \s+ "
+  (?<NGINX_REQUEST>
+    (?<NGINX_REQUEST_METHOD>[A-Z]+) \s+  # NGINX_METHOD
+    (?<NGINX_REQUEST_URI>[^ ]+) \s+
+    (?<NGINX_SERVER_PROTOCOL>[^"]+)
+  )
+  " \s+
+  (?<NGINX_STATUS>\d+) \s+               # NGINX_STATUS
+  (?<NGINX_BODY_BYTES_SENT>\d+) \s+      # NGINX_BODY_BYTES_SENT
+  "(?<NGINX_HTTP_REFERER>[^"]*)" \s+     # NGINX_HTTP_REFERER
+  "(?<NGINX_HTTP_USER_AGENT>[^"]*)"      # NGINX_HTTP_USER_AGENT
+
+# When log2journal can detect the filename of each log entry (tail gives it
+# only when it tails multiple files), this key will be used to send the
+# filename to the journals.
+filename:
+  key: NGINX_LOG_FILENAME
+
+rename:
+  - new_key: MESSAGE
+    old_key: NGINX_REQUEST
+
+# Inject constant fields into the journal logs.
+inject:
+  - key: SYSLOG_IDENTIFIER
+    value: nginx-log
+
+  # inject PRIORITY is a duplicate of NGINX_STATUS
+  - key: PRIORITY
+    value: '${NGINX_STATUS}'
+
+  # Inject NGINX_STATUS_FAMILY is a duplicate of NGINX_STATUS
+  - key: NGINX_STATUS_FAMILY
+    value: '${NGINX_STATUS}'
+
+# Rewrite the value of fields (including the duplicated ones).
+# The search pattern can have named groups, and the replace pattern can use
+# them as ${name}.
+rewrite:
+  # PRIORITY is a duplicate of NGINX_STATUS
+  # Valid PRIORITIES: 0=emerg, 1=alert, 2=crit, 3=error, 4=warn, 5=notice, 6=info, 7=debug
+  - key: PRIORITY
+    match: '^[123]'
+    value: 6
+
+  - key: PRIORITY
+    match: '^4'
+    value: 5
+
+  - key: PRIORITY
+    match: '^5'
+    value: 3
+
+  - key: PRIORITY
+    match: '.*'
+    value: 4
+
+  # NGINX_STATUS_FAMILY is a duplicate of NGINX_STATUS
+  - key: NGINX_STATUS_FAMILY
+    match: '^(?<first_digit>[1-5])'
+    value: '${first_digit}xx'
+
+  - key: NGINX_STATUS_FAMILY
+    match: '.*'
+    value: 'UNKNOWN'
+
+# Control what to do when input logs do not match the main PCRE2 pattern.
+unmatched:
+  # The journal key to log the PCRE2 error message to.
+  # Set this to MESSAGE, so you to see the error in the log.
+  key: MESSAGE
+
+  # Inject static fields to the unmatched entries.
+  # Set PRIORITY=1 (alert) to help you spot unmatched entries in the logs.
+  inject:
+    - key: PRIORITY
+      value: 1
diff --git a/collectors/log2journal/log2journal.d/nginx-json.yaml b/collectors/log2journal/log2journal.d/nginx-json.yaml
new file mode 100644
index 00000000..7fdc4be5
--- /dev/null
+++ b/collectors/log2journal/log2journal.d/nginx-json.yaml
@@ -0,0 +1,164 @@
+# For all nginx variables, check this:
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#var_connection_requests
+
+pattern: json
+
+prefix: NGINX_
+
+# When log2journal can detect the filename of each log entry (tail gives it
+# only when it tails multiple files), this key will be used to send the
+# filename to the journals.
+filename:
+  key: NGINX_LOG_FILENAME
+
+filter:
+  exclude: '^(NGINX_BINARY_REMOTE_ADDR)$'
+
+rename:
+  - new_key: MESSAGE
+    old_key: NGINX_REQUEST
+
+  # args is an alias for query_string
+  - new_key: NGINX_QUERY_STRING
+    old_key: NGINX_ARGS
+
+  # document_uri is an alias for uri
+  - new_key: NGINX_URI
+    old_key: NGINX_DOCUMENT_URI
+
+  # is_args states if the request had a query string or not
+  - new_key: NGINX_HAS_QUERY_STRING
+    old_key: NGINX_IS_ARGS
+
+  # msec is the timestamp in seconds, with fractional digits for milliseconds
+  - new_key: NGINX_TIMESTAMP_SEC
+    old_key: NGINX_MSEC
+
+  # nginx_version is already prefixed with nginx, let's remove one of them
+  - new_key: NGINX_VERSION
+    old_key: NGINX_NGINX_VERSION
+
+  # pipe states if the request was pipelined or not
+  - new_key: NGINX_PIPELINED
+    old_key: NGINX_PIPE
+
+  # rename numeric TLVs to their names
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_ALPN
+    old_key: NGINX_PROXY_PROTOCOL_TLV_0X01
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_AUTHORITY
+    old_key: NGINX_PROXY_PROTOCOL_TLV_0X02
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_UNIQUE_ID
+    old_key: NGINX_PROXY_PROTOCOL_TLV_0X05
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL
+    old_key: NGINX_PROXY_PROTOCOL_TLV_0X20
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_NETNS
+    old_key: NGINX_PROXY_PROTOCOL_TLV_0X30
+
+  # rename numeric SSL TLVs to their names
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_VERSION
+    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X21
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_CN
+    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X22
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_CIPHER
+    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X23
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_SIG_ALG
+    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X24
+  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_KEY_ALG
+    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X25
+
+# Inject constant fields into the journal logs.
+inject:
+  - key: SYSLOG_IDENTIFIER
+    value: nginx-log
+
+  # inject PRIORITY is a duplicate of NGINX_STATUS
+  - key: PRIORITY
+    value: '${NGINX_STATUS}'
+
+  # Inject NGINX_STATUS_FAMILY is a duplicate of NGINX_STATUS
+  - key: NGINX_STATUS_FAMILY
+    value: '${NGINX_STATUS}'
+
+
+# Rewrite the value of fields (including the duplicated ones).
+# The search pattern can have named groups, and the replace pattern can use
+# them as ${name}.
+rewrite:
+  # a ? means it has query string, everything else means it does not
+  - key: NGINX_HAS_QUERY_STRING
+    match: '^\?$'
+    value: yes
+  - key: NGINX_HAS_QUERY_STRING
+    match: '.*'
+    value: no
+
+  # 'on' means it was HTTPS, everything else means it was not
+  - key: NGINX_HTTPS
+    match: '^on$'
+    value: yes
+  - key: NGINX_HTTPS
+    match: '.*'
+    value: no
+
+  # 'p' means it was pipelined, everything else means it was not
+  - key: NGINX_PIPELINED
+    match: '^p$'
+    value: yes
+  - key: NGINX_PIPELINED
+    match: '.*'
+    value: no
+
+  # zero means client sent a certificate and it was verified, non-zero means otherwise
+  - key: NGINX_PROXY_PROTOCOL_TLV_SSL_VERIFY
+    match: '^0$'
+    value: yes
+  - key: NGINX_PROXY_PROTOCOL_TLV_SSL_VERIFY
+    match: '.*'
+    value: no
+
+  # 'OK' means request completed, everything else means it didn't
+  - key: NGINX_REQUEST_COMPLETION
+    match: '^OK$'
+    value: 'completed'
+  - key: NGINX_REQUEST_COMPLETION
+    match: '.*'
+    value: 'not completed'
+
+  # PRIORTY is a duplicate of NGINX_STATUS
+  # Valid PRIORITIES: 0=emerg, 1=alert, 2=crit, 3=error, 4=warn, 5=notice, 6=info, 7=debug
+  - key: PRIORITY
+    match: '^[123]'
+    value: 6
+
+  - key: PRIORITY
+    match: '^4'
+    value: 5
+
+  - key: PRIORITY
+    match: '^5'
+    value: 3
+
+  - key: PRIORITY
+    match: '.*'
+    value: 4
+
+  # NGINX_STATUS_FAMILY is a duplicate of NGINX_STATUS
+  - key: NGINX_STATUS_FAMILY
+    match: '^(?<first_digit>[1-5])'
+    value: '${first_digit}xx'
+
+  - key: NGINX_STATUS_FAMILY
+    match: '.*'
+    value: 'UNKNOWN'
+
+# Control what to do when input logs do not match the main PCRE2 pattern.
+unmatched:
+  # The journal key to log the PCRE2 error message to.
+  # Set this to MESSAGE, so you to see the error in the log.
+  key: MESSAGE
+
+  # Inject static fields to the unmatched entries.
+  # Set PRIORITY=1 (alert) to help you spot unmatched entries in the logs.
+  inject:
+    - key: PRIORITY
+      value: 1
-- 
cgit v1.2.3