Diffstat (limited to 'src/logsmanagement/stock_conf')
-rw-r--r--src/logsmanagement/stock_conf/logsmanagement.d.conf.in33
-rw-r--r--src/logsmanagement/stock_conf/logsmanagement.d/default.conf455
-rw-r--r--src/logsmanagement/stock_conf/logsmanagement.d/example_forward.conf96
-rw-r--r--src/logsmanagement/stock_conf/logsmanagement.d/example_mqtt.conf31
-rw-r--r--src/logsmanagement/stock_conf/logsmanagement.d/example_serial.conf38
-rw-r--r--src/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf145
6 files changed, 798 insertions, 0 deletions
diff --git a/src/logsmanagement/stock_conf/logsmanagement.d.conf.in b/src/logsmanagement/stock_conf/logsmanagement.d.conf.in
new file mode 100644
index 000000000..8ce4183a2
--- /dev/null
+++ b/src/logsmanagement/stock_conf/logsmanagement.d.conf.in
@@ -0,0 +1,33 @@
+[global]
+ update every = 1
+ update timeout = 10
+ use log timestamp = auto
+ circular buffer max size MiB = 64
+ circular buffer drop logs if full = no
+ compression acceleration = 1
+ collected logs total chart enable = no
+ collected logs rate chart enable = yes
+ submit logs to system journal = no
+ systemd journal fields prefix = LOGS_MANAG_
+
+[db]
+ db mode = none
+ db dir = @cachedir_POST@/logs_management_db
+ circular buffer flush to db = 6
+ disk space limit MiB = 500
+
+[forward input]
+ enabled = no
+ unix path =
+ unix perm = 0644
+ listen = 0.0.0.0
+ port = 24224
+
+[fluent bit]
+ flush = 0.1
+ http listen = 0.0.0.0
+ http port = 2020
+ http server = false
+ log file = @localstatedir_POST@/log/netdata/fluentbit.log
+ log level = info
+ coro stack size = 24576
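Review bot: `[forward input]` and `[fluent bit]` both default their listen address to `0.0.0.0`, so setting `enabled = yes` or turning on `http server` exposes port 24224 or 2020 on every interface in a single step, and nothing in either section configures authentication. Loopback is a safer stock default: `listen = 127.0.0.1` and `http listen = 127.0.0.1`, leaving a wider bind as an explicit operator choice. The commented `# listen = 0.0.0.0` in example_mqtt.conf suggests the same wildcard bind for the MQTT listener and would benefit from the same change. Separately, `http server = false` uses a different boolean spelling from the `yes`/`no` used in the rest of the file; if the parser accepts `no` here, use it for consistency.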
diff --git a/src/logsmanagement/stock_conf/logsmanagement.d/default.conf b/src/logsmanagement/stock_conf/logsmanagement.d/default.conf
new file mode 100644
index 000000000..c01fd2070
--- /dev/null
+++ b/src/logsmanagement/stock_conf/logsmanagement.d/default.conf
@@ -0,0 +1,455 @@
+# ------------------------------------------------------------------------------
+# Netdata Logs Management default configuration
+# See full explanation on https://github.com/netdata/netdata/blob/master/src/logsmanagement/README.md
+#
+# To add a new log source, a new section must be added in this
+# file with at least the following settings:
+#
+# [LOG SOURCE NAME]
+# enabled = yes
+# log type = flb_tail
+#
+# For a list of all available log types, see:
+# https://github.com/netdata/netdata/blob/master/src/logsmanagement/README.md#types-of-available-collectors
+#
+# ------------------------------------------------------------------------------
+
+[kmsg Logs]
+ ## Example: Log collector that will collect new kernel ring buffer logs
+
+ ## Required settings
+ enabled = yes
+ log type = flb_kmsg
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ use log timestamp = no
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Drop kernel logs with priority higher than prio_level.
+ # prio level = 8
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ severity chart = yes
+ subsystem chart = yes
+ device chart = yes
+
+ ## Example of capturing specific kmsg events:
+ # custom 1 chart = USB connect/disconnect
+ # custom 1 regex name = connect
+ # custom 1 regex = .*\bNew USB device found\b.*
+
+ # custom 2 chart = USB connect/disconnect
+ # custom 2 regex name = disconnect
+ # custom 2 regex = .*\bUSB disconnect\b.*
+
+[Systemd Logs]
+ ## Example: Log collector that will query journald to collect system logs
+
+ ## Required settings
+ enabled = yes
+ log type = flb_systemd
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Use default path to Systemd Journal
+ log path = auto
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes
+
+[Docker Events Logs]
+ ## Example: Log collector that will monitor the Docker daemon socket and
+ ## collect Docker event logs in a default format similar to executing
+ ## the `sudo docker events` command.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_docker_events
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Use default Docker socket UNIX path: /var/run/docker.sock
+ log path = auto
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ event type chart = yes
+ event action chart = yes
+
+ ## Example of how to capture create / attach / die events for a named container:
+ # custom 1 chart = serverA events
+ # custom 1 regex name = container create
+ # custom 1 regex = .*\bcontainer create\b.*\bname=serverA\b.*
+
+ # custom 2 chart = serverA events
+ # custom 2 regex name = container attach
+ # custom 2 regex = .*\bcontainer attach\b.*\bname=serverA\b.*
+
+ # custom 3 chart = serverA events
+ # custom 3 regex name = container die
+ # custom 3 regex = .*\bcontainer die\b.*\bname=serverA\b.*
+
+ ## Stream to https://cloud.openobserve.ai/
+ # output 1 name = http
+ # output 1 URI = YOUR_API_URI
+ # output 1 Host = api.openobserve.ai
+ # output 1 Port = 443
+ # output 1 tls = On
+ # output 1 Format = json
+ # output 1 Json_date_key = _timestamp
+ # output 1 Json_date_format = iso8601
+ # output 1 HTTP_User = test@netdata.cloud
+ # output 1 HTTP_Passwd = YOUR_OPENOBSERVE_PASSWORD
+ # output 1 compress = gzip
+
+ ## Real-time export to /tmp/docker_event_logs.csv
+ # output 2 name = file
+ # output 2 Path = /tmp
+ # output 2 File = docker_event_logs.csv
+
+[Apache access.log]
+ ## Example: Log collector that will tail Apache's access.log file and
+ ## parse each new record to extract common web server metrics.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_web_log
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/apache2/access.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Auto-detect web log format, otherwise it can be set manually, e.g.:
+ ## log format = %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
+ ## see https://httpd.apache.org/docs/2.4/logs.html#accesslog
+ log format = auto
+
+ ## Detect errors such as illegal port numbers or response codes.
+ verify parsed logs = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ vhosts chart = yes
+ ports chart = yes
+ IP versions chart = yes
+ unique client IPs - current poll chart = yes
+ unique client IPs - all-time chart = no
+ http request methods chart = yes
+ http protocol versions chart = yes
+ bandwidth chart = yes
+ timings chart = yes
+ response code families chart = yes
+ response codes chart = yes
+ response code types chart = yes
+ SSL protocols chart = yes
+ SSL chipher suites chart = yes
+
+[Nginx access.log]
+ ## Example: Log collector that will tail Nginx's access.log file and
+ ## parse each new record to extract common web server metrics.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_web_log
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/nginx/access.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## see https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#setting-up-the-access-log
+ log format = $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent $request_length $request_time "$http_referer" "$http_user_agent"
+
+ ## Detect errors such as illegal port numbers or response codes.
+ verify parsed logs = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ vhosts chart = yes
+ ports chart = yes
+ IP versions chart = yes
+ unique client IPs - current poll chart = yes
+ unique client IPs - all-time chart = no
+ http request methods chart = yes
+ http protocol versions chart = yes
+ bandwidth chart = yes
+ timings chart = yes
+ response code families chart = yes
+ response codes chart = yes
+ response code types chart = yes
+ SSL protocols chart = yes
+ SSL chipher suites chart = yes
+
+[Netdata daemon.log]
+ ## Example: Log collector that will tail Netdata's daemon.log and
+ ## it will generate log level charts based on custom regular expressions.
+
+ ## Required settings
+ enabled = yes
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /tmp/netdata/var/log/netdata/daemon.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from Netdata's daemon.log:
+
+ ## log level chart
+ custom 1 chart = log level
+ custom 1 regex name = emergency
+ custom 1 regex = level=emergency
+ custom 1 ignore case = no
+
+ custom 2 chart = log level
+ custom 2 regex name = alert
+ custom 2 regex = level=alert
+ custom 2 ignore case = no
+
+ custom 3 chart = log level
+ custom 3 regex name = critical
+ custom 3 regex = level=critical
+ custom 3 ignore case = no
+
+ custom 4 chart = log level
+ custom 4 regex name = error
+ custom 4 regex = level=error
+ custom 4 ignore case = no
+
+ custom 5 chart = log level
+ custom 5 regex name = warning
+ custom 5 regex = level=warning
+ custom 5 ignore case = no
+
+ custom 6 chart = log level
+ custom 6 regex name = notice
+ custom 6 regex = level=notice
+ custom 6 ignore case = no
+
+ custom 7 chart = log level
+ custom 7 regex name = info
+ custom 7 regex = level=info
+ custom 7 ignore case = no
+
+ custom 8 chart = log level
+ custom 8 regex name = debug
+ custom 8 regex = level=debug
+ custom 8 ignore case = no
+
+[Netdata fluentbit.log]
+ ## Example: Log collector that will tail Netdata's
+ ## embedded Fluent Bit's logs
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /tmp/netdata/var/log/netdata/fluentbit.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from fluentbit.log:
+
+ ## log level chart
+ custom 1 chart = log level
+ custom 1 regex name = error
+ custom 1 regex = \[error\]
+ custom 1 ignore case = no
+
+ custom 2 chart = log level
+ custom 2 regex name = warning
+ custom 2 regex = \[warning\]
+ custom 2 ignore case = no
+
+ custom 3 chart = log level
+ custom 3 regex name = info
+ custom 3 regex = \[ info\]
+ custom 3 ignore case = no
+
+ custom 4 chart = log level
+ custom 4 regex name = debug
+ custom 4 regex = \[debug\]
+ custom 4 ignore case = no
+
+ custom 5 chart = log level
+ custom 5 regex name = trace
+ custom 5 regex = \[trace\]
+ custom 5 ignore case = no
+
+[auth.log tail]
+ ## Example: Log collector that will tail auth.log file and count
+ ## occurences of certain `sudo` commands, using POSIX regular expressions.
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/auth.log
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from auth.log:
+ # custom 1 chart = failed su
+ # # custom 1 regex name =
+ # custom 1 regex = .*\bsu\b.*\bFAILED SU\b.*
+ # custom 1 ignore case = no
+
+ # custom 2 chart = sudo commands
+ # custom 2 regex name = sudo su
+ # custom 2 regex = .*\bsudo\b.*\bCOMMAND=/usr/bin/su\b.*
+ # custom 2 ignore case = yes
+
+ # custom 3 chart = sudo commands
+ # custom 3 regex name = sudo docker run
+ # custom 3 regex = .*\bsudo\b.*\bCOMMAND=/usr/bin/docker run\b.*
+ # custom 3 ignore case = yes
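Review bot: The commented OpenObserve example under `[Docker Events Logs]` has the user write `output 1 HTTP_Passwd` directly into this file, which is added with mode 100644, so a filled-in password would be readable by every local account unless the installed copy is tightened. Add a line above that block such as `## This stores a credential in plain text: make this file readable only by the agent's user`. The second example exports to a fixed file name in `/tmp` (`output 2 Path = /tmp`), a world-writable directory where another local user can pre-create `docker_event_logs.csv`; a directory writable only by the agent would be a better example. Minor: `SSL chipher suites chart` looks like a misspelling of "cipher" in both web-log sections, but it is a key name, so it should only change together with whatever code reads it.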
diff --git a/src/logsmanagement/stock_conf/logsmanagement.d/example_forward.conf b/src/logsmanagement/stock_conf/logsmanagement.d/example_forward.conf
new file mode 100644
index 000000000..87921d25e
--- /dev/null
+++ b/src/logsmanagement/stock_conf/logsmanagement.d/example_forward.conf
@@ -0,0 +1,96 @@
+[Forward systemd]
+ ## Example: Log collector that will collect streamed Systemd logs
+ ## only for parsing, according to global "forward in" configuration
+ ## found in logsmanagement.d.conf .
+
+ ## Required settings
+ enabled = no
+ log type = flb_systemd
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Streaming input settings.
+ log source = forward
+ stream guid = 6ce266f5-2704-444d-a301-2423b9d30735
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes
+
+[Forward Docker Events]
+ ## Example: Log collector that will collect streamed Docker Events logs
+ ## only for parsing, according to global "forward in" configuration
+ ## found in logsmanagement.d.conf .
+
+ ## Required settings
+ enabled = no
+ log type = flb_docker_events
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Streaming input settings.
+ log source = forward
+ stream guid = 6ce266f5-2704-444d-a301-2423b9d30736
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ event type chart = yes
+
+[Forward collection]
+ ## Example: Log collector that will collect streamed logs of any type
+ ## according to global "forward in" configuration found in
+ ## logsmanagement.d.conf and will also save them in the logs database.
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ db mode = full
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Streaming input settings.
+ log source = forward
+ stream guid = 6ce266f5-2704-444d-a301-2423b9d30737
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
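Review bot: The three section comments point to a global "forward in" configuration in logsmanagement.d.conf, but the section this commit adds there is named `[forward input]`, so a reader searching for the quoted name will not find it; the comment should read `## according to the global [forward input] section found in logsmanagement.d.conf`. The `stream guid` values are fixed constants shipped identically to every install and are not explained. Assuming they only match an incoming stream to a section, add a comment such as `## Identifier used to match the incoming stream; not a secret, does not authenticate the sender`. That matters because `[forward input]` defaults to `listen = 0.0.0.0` and these sections show no other access control.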
diff --git a/src/logsmanagement/stock_conf/logsmanagement.d/example_mqtt.conf b/src/logsmanagement/stock_conf/logsmanagement.d/example_mqtt.conf
new file mode 100644
index 000000000..2481795df
--- /dev/null
+++ b/src/logsmanagement/stock_conf/logsmanagement.d/example_mqtt.conf
@@ -0,0 +1,31 @@
+[MQTT messages]
+ ## Example: Log collector that will create a server to listen for MQTT logs over a TCP connection.
+
+ ## Required settings
+ enabled = no
+ log type = flb_mqtt
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Set up configuration specific to flb_mqtt
+ ## see also https://docs.fluentbit.io/manual/pipeline/inputs/mqtt
+ # listen = 0.0.0.0
+ # port = 1883
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ topic chart = yes
diff --git a/src/logsmanagement/stock_conf/logsmanagement.d/example_serial.conf b/src/logsmanagement/stock_conf/logsmanagement.d/example_serial.conf
new file mode 100644
index 000000000..7b0bb0bcb
--- /dev/null
+++ b/src/logsmanagement/stock_conf/logsmanagement.d/example_serial.conf
@@ -0,0 +1,38 @@
+[Serial logs]
+ ## Example: Log collector that will collect logs from a serial interface.
+
+ ## Required settings
+ enabled = no
+ log type = flb_serial
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Set up configuration specific to flb_serial
+ log path = /dev/pts/4
+ bitrate = 115200
+ min bytes = 1
+ # separator = X
+ # format = json
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Example of extracting custom metrics from serial interface messages:
+ # custom 1 chart = UART0
+ # # custom 1 regex name = test
+ # custom 1 regex = .*\bUART0\b.*
+ # # custom 1 ignore case = no
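Review bot: `log path = /dev/pts/4` is a pseudo-terminal slot that is allocated dynamically, so on another host it may not exist or may belong to an unrelated terminal session rather than a serial line. Since the value is uncommented, mark it as a placeholder with a comment such as `## Replace with your serial device, e.g. /dev/ttyS0 or /dev/ttyUSB0`. The doubly commented `# # custom 1 regex name = test` and `# # custom 1 ignore case = no` lines are also unexplained; a short comment saying they are optional would help.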
diff --git a/src/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf b/src/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf
new file mode 100644
index 000000000..2dbd416e2
--- /dev/null
+++ b/src/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf
@@ -0,0 +1,145 @@
+[syslog tail]
+ ## Example: Log collector that will tail the syslog file and count
+ ## occurences of certain keywords, using POSIX regular expressions.
+
+ ## Required settings
+ enabled = no
+ log type = flb_tail
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## This section supports auto-detection of log file path if section name
+ ## is left unchanged, otherwise it can be set manually, e.g.:
+ ## log path = /var/log/syslog
+ ## log path = /var/log/messages
+ ## See README for more information on 'log path = auto' option
+ log path = auto
+
+ ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
+ use inotify = yes
+
+ ## Submit structured log entries to the system journal
+ # submit logs to system journal = no
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+
+ ## Examples of extracting custom metrics from syslog:
+ # custom 1 chart = identifier
+ # custom 1 regex name = kernel
+ # custom 1 regex = .*\bkernel\b.*
+ # custom 1 ignore case = no
+
+ # custom 2 chart = identifier
+ # custom 2 regex name = systemd
+ # custom 2 regex = .*\bsystemd\b.*
+ # custom 2 ignore case = no
+
+ # custom 3 chart = identifier
+ # custom 3 regex name = CRON
+ # custom 3 regex = .*\bCRON\b.*
+ # custom 3 ignore case = no
+
+ # custom 3 chart = identifier
+ # custom 3 regex name = netdata
+ # custom 3 regex = .*\netdata\b.*
+ # custom 3 ignore case = no
+
+[syslog Unix socket]
+ ## Example: Log collector that will listen for RFC-3164 syslog on a UNIX
+ ## socket that will be created on /tmp/netdata-syslog.sock .
+
+ ## Required settings
+ enabled = no
+ log type = flb_syslog
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Netdata will create this socket if mode == unix_tcp or mode == unix_udp,
+ ## please ensure the right permissions exist for this path
+ log path = /tmp/netdata-syslog.sock
+
+ ## Ruby Regular Expression to define expected syslog format
+ ## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined
+ ## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
+ log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/
+
+ ## Set up configuration specific to flb_syslog
+ ## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters
+ ## Modes supported are: unix_tcp, unix_udp, tcp, udp
+ mode = unix_udp
+ # listen = 0.0.0.0
+ # port = 5140
+ unix_perm = 0666
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes
+
+[syslog TCP socket]
+ ## Example: Log collector that will listen for RFC-3164 syslog,
+ ## incoming via TCP on localhost IP and port 5140.
+
+ ## Required settings
+ enabled = no
+ log type = flb_syslog
+
+ ## Optional settings, common to all log source.
+ ## Uncomment to override global equivalents in netdata.conf.
+ # update every = 1
+ # update timeout = 10
+ # use log timestamp = auto
+ # circular buffer max size MiB = 64
+ # circular buffer drop logs if full = no
+ # compression acceleration = 1
+ # db mode = none
+ # circular buffer flush to db = 6
+ # disk space limit MiB = 500
+
+ ## Netdata will create this socket if mode == unix_tcp or mode == unix_udp,
+ ## please ensure the right permissions exist for this path
+ # log path = /tmp/netdata-syslog.sock
+
+ ## Ruby Regular Expression to define expected syslog format
+ ## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined
+ ## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
+ log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/
+
+ ## Set up configuration specific to flb_syslog
+ ## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters
+ ## Modes supported are: unix_tcp, unix_udp, tcp, udp
+ mode = tcp
+ listen = 0.0.0.0
+ port = 5140
+ # unix_perm = 0666
+
+ ## Charts to enable
+ # collected logs total chart enable = no
+ # collected logs rate chart enable = yes
+ priority value chart = yes
+ severity chart = yes
+ facility chart = yes
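Review bot: `[syslog TCP socket]` is described as listening "on localhost IP and port 5140", but the section sets `listen = 0.0.0.0`, which binds every interface; either change it to `listen = 127.0.0.1` or correct the comment, so that nobody enables the section believing it is loopback-only. In `[syslog Unix socket]`, `unix_perm = 0666` on `/tmp/netdata-syslog.sock` lets any local user write records into the collector, and the comment asking for "the right permissions" does not say which ones; a narrower mode such as `unix_perm = 0660` with a note on the expected group would be clearer. In `[syslog tail]` the last commented example reuses the index `custom 3`, and its regex `.*\netdata\b.*` is missing the `b` of the leading `\b`; it should read `# custom 4 regex = .*\bnetdata\b.*`, with the other three lines of that example renumbered to 4.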