[syslog tail]
    ## Example: Log collector that will tail the syslog file and count 
    ## occurences of certain keywords, using POSIX regular expressions.

    ## Required settings
    enabled = no
    log type = flb_tail

    ## Optional settings, common to all log source. 
    ## Uncomment to override global equivalents in netdata.conf.
    # update every = 1
    # update timeout = 10
    # use log timestamp = auto
    # circular buffer max size MiB = 64
    # circular buffer drop logs if full = no
    # compression acceleration = 1
    # db mode = none
    # circular buffer flush to db = 6
    # disk space limit MiB = 500

    ## This section supports auto-detection of log file path if section name
    ## is left unchanged, otherwise it can be set manually, e.g.:
    ## log path = /var/log/syslog
    ## log path = /var/log/messages
    ## See README for more information on 'log path = auto' option
    log path = auto

    ## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
    use inotify = yes

    ## Submit structured log entries to the system journal
	# submit logs to system journal = no

    ## Charts to enable
    # collected logs total chart enable = no
    # collected logs rate chart enable = yes

    ## Examples of extracting custom metrics from syslog:
    # custom 1 chart = identifier
    # custom 1 regex name = kernel
    # custom 1 regex = .*\bkernel\b.*
    # custom 1 ignore case = no

    # custom 2 chart = identifier
    # custom 2 regex name = systemd
    # custom 2 regex = .*\bsystemd\b.*
    # custom 2 ignore case = no

    # custom 3 chart = identifier
    # custom 3 regex name = CRON
    # custom 3 regex = .*\bCRON\b.*
    # custom 3 ignore case = no

    # custom 3 chart = identifier
    # custom 3 regex name = netdata
    # custom 3 regex = .*\netdata\b.*
    # custom 3 ignore case = no

[syslog Unix socket]
    ## Example: Log collector that will listen for RFC-3164 syslog on a UNIX
    ## socket that will be created on /tmp/netdata-syslog.sock .

    ## Required settings
    enabled = no
    log type = flb_syslog

    ## Optional settings, common to all log source. 
    ## Uncomment to override global equivalents in netdata.conf.
    # update every = 1
    # update timeout = 10
    # use log timestamp = auto
    # circular buffer max size MiB = 64
    # circular buffer drop logs if full = no
    # compression acceleration = 1
    # db mode = none
    # circular buffer flush to db = 6
    # disk space limit MiB = 500

    ## Netdata will create this socket if mode == unix_tcp or mode == unix_udp, 
    ## please ensure the right permissions exist for this path
    log path = /tmp/netdata-syslog.sock

    ## Ruby Regular Expression to define expected syslog format
    ## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined
    ## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
    log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/

    ## Set up configuration specific to flb_syslog
    ## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters
    ## Modes supported are: unix_tcp, unix_udp, tcp, udp
    mode = unix_udp
    # listen = 0.0.0.0
    # port = 5140
    unix_perm = 0666

    ## Charts to enable
    # collected logs total chart enable = no
    # collected logs rate chart enable = yes
    priority value chart = yes
    severity chart = yes
    facility chart = yes

[syslog TCP socket]
    ## Example: Log collector that will listen for RFC-3164 syslog, 
    ## incoming via TCP on localhost IP and port 5140.

    ## Required settings
    enabled = no
    log type = flb_syslog

    ## Optional settings, common to all log source. 
    ## Uncomment to override global equivalents in netdata.conf.
    # update every = 1
    # update timeout = 10
    # use log timestamp = auto
    # circular buffer max size MiB = 64
    # circular buffer drop logs if full = no
    # compression acceleration = 1
    # db mode = none
    # circular buffer flush to db = 6
    # disk space limit MiB = 500

    ## Netdata will create this socket if mode == unix_tcp or mode == unix_udp, 
    ## please ensure the right permissions exist for this path
    # log path = /tmp/netdata-syslog.sock

    ## Ruby Regular Expression to define expected syslog format
    ## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined
    ## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
    log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/

    ## Set up configuration specific to flb_syslog
    ## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters
    ## Modes supported are: unix_tcp, unix_udp, tcp, udp
    mode = tcp
    listen = 0.0.0.0
    port = 5140
    # unix_perm = 0666

    ## Charts to enable
    # collected logs total chart enable = no
    # collected logs rate chart enable = yes
    priority value chart = yes
    severity chart = yes
    facility chart = yes