api/docker_rsyslog.conf
# rsyslog configuration file
#
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### Global directives ####
# # Sets the directory that rsyslog uses for work files.
global(workDirectory="/var/lib/rsyslog")
global(abortOnUncleanConfig="on")
#### Modules ####
module(load="imfile")
module(load="omelasticsearch")
#### Rules ####
input(type="imfile"
File="/var/log/api.output.log"
Tag="api:notice"
)
input(type="imfile"
File="/var/log/api.error.log"
Tag="api:error"
Severity="error"
)
set $.env = getenv("NODE_ENV");
set $.release = getenv("RELEASE");
set $!es_record_id = $uuid;
template(
name="bulkid-template"
type="list"
) {
property(name="$!es_record_id")
}
template(
name="apiLogsIndexName"
type="string"
string="%$.env%-api-logs"
)
template(
name="apiCallsIndexName"
type="string"
string="%$.env%-api-calls"
)
template(
name="apiTasksIndexName"
type="string"
string="%$.env%-api-tasks"
)
template(
name="mongoMetricsIndexName"
type="string"
string="%$.env%-mongo-metrics"
)
template(
name="apiLogs"
type="list"
option.jsonf="on"
option.casesensitive="on"
) {
property(outname="@timestamp" name="timereported" format="jsonf" dateFormat="rfc3339")
property(outname="host" name="hostname" format="jsonf")
property(outname="release" name="$.release" format="jsonf")
property(outname="message" name="msg" format="jsonf")
property(outname="severity" name="syslogseverity-text" format="jsonf")
property(outname="syslogtag" name="syslogtag" format="jsonf")
}
template(
name="apiJSON"
type="string"
string="{\"@timestamp\":\"%timereported:::date-rfc3339%\",\"host\":\"%HOSTNAME%\",\"release\":\"%$.release%\",%.msg%"
)
set $.msglen = strlen($msg);
if ($msg startswith 'info: api {') then {
set $.msg = substring($msg, 11, $.msglen);
action(
type="omelasticsearch"
server=`echo $ES_HOST`
serverport="443"
usehttps="on"
uid=`echo $ES_USER`
pwd=`echo $ES_PASSWORD`
template="apiJSON"
dynSearchIndex="on"
searchIndex="apiCallsIndexName"
searchType="_doc"
bulkmode="on"
dynbulkid="on"
bulkid="bulkid-template"
writeoperation="create"
queue.type="linkedlist"
queue.size="5000"
queue.dequeuebatchsize="300"
action.resumeretrycount="-1"
)
stop
} else if ($msg startswith 'info: tasks {') then {
set $.msg = substring($msg, 13, $.msglen);
action(
type="omelasticsearch"
server=`echo $ES_HOST`
serverport="443"
usehttps="on"
uid=`echo $ES_USER`
pwd=`echo $ES_PASSWORD`
template="apiJSON"
dynSearchIndex="on"
searchIndex="apiTasksIndexName"
searchType="_doc"
bulkmode="on"
dynbulkid="on"
bulkid="bulkid-template"
writeoperation="create"
queue.type="linkedlist"
queue.size="5000"
queue.dequeuebatchsize="300"
action.resumeretrycount="-1"
)
stop
} else if ($msg startswith 'info: mongo-metrics {') then {
set $.msg = substring($msg, 21, $.msglen);
action(
type="omelasticsearch"
server=`echo $ES_HOST`
serverport="443"
usehttps="on"
uid=`echo $ES_USER`
pwd=`echo $ES_PASSWORD`
template="apiJSON"
dynSearchIndex="on"
searchIndex="mongoMetricsIndexName"
searchType="_doc"
bulkmode="on"
dynbulkid="on"
bulkid="bulkid-template"
writeoperation="create"
queue.type="linkedlist"
queue.size="5000"
queue.dequeuebatchsize="300"
action.resumeretrycount="-1"
)
stop
}
action(
type="omelasticsearch"
server=`echo $ES_HOST`
serverport="443"
usehttps="on"
uid=`echo $ES_USER`
pwd=`echo $ES_PASSWORD`
template="apiLogs"
dynSearchIndex="on"
searchIndex="apiLogsIndexName"
searchType="_doc"
bulkmode="on"
dynbulkid="on"
bulkid="bulkid-template"
writeoperation="create"
queue.type="linkedlist"
queue.size="5000"
queue.dequeuebatchsize="300"
action.resumeretrycount="-1"
)