src/logsmanagement/stock_conf/logsmanagement.d/default.conf
# ------------------------------------------------------------------------------
# Netdata Logs Management default configuration
# See full explanation on https://github.com/netdata/netdata/blob/master/src/logsmanagement/README.md
#
# To add a new log source, a new section must be added in this
# file with at least the following settings:
#
# [LOG SOURCE NAME]
# enabled = yes
# log type = flb_tail
#
# For a list of all available log types, see:
# https://github.com/netdata/netdata/blob/master/src/logsmanagement/README.md#types-of-available-collectors
#
# ------------------------------------------------------------------------------
[kmsg Logs]
## Example: Log collector that will collect new kernel ring buffer logs
## Required settings
enabled = yes
log type = flb_kmsg
## Optional settings, common to all log sources.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
## Set explicitly to 'no' in this section; the other sections in this file
## leave the 'auto' variant commented out.
use log timestamp = no
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## Drop kernel logs with priority higher than prio_level.
## Kernel priorities run from 0 (emergency) to 7 (debug), so a numerically
## higher priority is a less severe message.
## NOTE(review): 8 presumably keeps every priority - confirm against the README.
# prio level = 8
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
severity chart = yes
subsystem chart = yes
device chart = yes
## Example of capturing specific kmsg events:
## (USB attach/detach counts can help spot unexpected devices on a host.)
## NOTE(review): the patterns match fixed kernel message text, which may differ
## between kernel versions - verify against real kmsg output before relying on
## them.
# custom 1 chart = USB connect/disconnect
# custom 1 regex name = connect
# custom 1 regex = .*\bNew USB device found\b.*
# custom 2 chart = USB connect/disconnect
# custom 2 regex name = disconnect
# custom 2 regex = .*\bUSB disconnect\b.*
[Systemd Logs]
## Example: Log collector that will query journald to collect system logs
## Required settings
enabled = yes
log type = flb_systemd
## Optional settings, common to all log sources.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## Use default path to Systemd Journal
## NOTE(review): the journal aggregates messages from all units, including
## authentication events. The collector presumably needs read access to the
## journal files - confirm which account or group grants it, and treat any
## stored or exported copy as equally sensitive.
log path = auto
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
priority value chart = yes
severity chart = yes
facility chart = yes
[Docker Events Logs]
## Example: Log collector that will monitor the Docker daemon socket and
## collect Docker event logs in a default format similar to executing
## the `sudo docker events` command.
## Required settings
enabled = yes
log type = flb_docker_events
## Optional settings, common to all log sources.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## Use default Docker socket UNIX path: /var/run/docker.sock
## NOTE(review): access to the Docker socket generally allows full control of
## the Docker daemon, not only reading events. Confirm how the collector's
## account is granted access and keep that grant as narrow as possible.
log path = auto
## Submit structured log entries to the system journal
# submit logs to system journal = no
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
event type chart = yes
event action chart = yes
## Example of how to capture create / attach / die events for a named container:
# custom 1 chart = serverA events
# custom 1 regex name = container create
# custom 1 regex = .*\bcontainer create\b.*\bname=serverA\b.*
# custom 2 chart = serverA events
# custom 2 regex name = container attach
# custom 2 regex = .*\bcontainer attach\b.*\bname=serverA\b.*
# custom 3 chart = serverA events
# custom 3 regex name = container die
# custom 3 regex = .*\bcontainer die\b.*\bname=serverA\b.*
## Stream to https://cloud.openobserve.ai/
## If uncommented, HTTP_User / HTTP_Passwd are stored in plain text in this
## file: restrict read access to the file and prefer a dedicated,
## ingestion-only credential (the HTTP_User below is an example value).
## Keep 'tls = On' so the credentials and the events are not sent in clear text.
# output 1 name = http
# output 1 URI = YOUR_API_URI
# output 1 Host = api.openobserve.ai
# output 1 Port = 443
# output 1 tls = On
# output 1 Format = json
# output 1 Json_date_key = _timestamp
# output 1 Json_date_format = iso8601
# output 1 HTTP_User = test@netdata.cloud
# output 1 HTTP_Passwd = YOUR_OPENOBSERVE_PASSWORD
# output 1 compress = gzip
## Real-time export to /tmp/docker_event_logs.csv
## NOTE(review): /tmp is normally writable by every local user, so the exported
## events may be readable by other accounts and a pre-existing file or link
## with this name could receive the writes. For anything beyond a quick test,
## prefer a directory that only the collector's account can write to.
# output 2 name = file
# output 2 Path = /tmp
# output 2 File = docker_event_logs.csv
[Apache access.log]
## Example: Log collector that will tail Apache's access.log file and
## parse each new record to extract common web server metrics.
## Access logs carry client IPs, request lines and user agents; any stored or
## exported copy needs the same protection as the original log file.
## Required settings
enabled = yes
log type = flb_web_log
## Optional settings, common to all log sources.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## This section supports auto-detection of log file path if section name
## is left unchanged, otherwise it can be set manually, e.g.:
## log path = /var/log/apache2/access.log
## See README for more information on 'log path = auto' option
log path = auto
## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
use inotify = yes
## Auto-detect web log format, otherwise it can be set manually, e.g.:
## log format = %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
## see https://httpd.apache.org/docs/2.4/logs.html#accesslog
log format = auto
## Detect errors such as illegal port numbers or response codes.
## Request fields are client-controlled, so leaving this enabled is the
## safer default.
verify parsed logs = yes
## Submit structured log entries to the system journal
# submit logs to system journal = no
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
vhosts chart = yes
ports chart = yes
IP versions chart = yes
unique client IPs - current poll chart = yes
## The all-time unique client IPs chart is the only chart disabled here.
unique client IPs - all-time chart = no
http request methods chart = yes
http protocol versions chart = yes
bandwidth chart = yes
timings chart = yes
response code families chart = yes
response codes chart = yes
response code types chart = yes
SSL protocols chart = yes
## NOTE(review): 'chipher' is the spelling this key uses; do not correct it
## here unless the parser is confirmed to accept 'cipher'.
SSL chipher suites chart = yes
[Nginx access.log]
## Example: Log collector that will tail Nginx's access.log file and
## parse each new record to extract common web server metrics.
## Access logs carry client IPs, request lines and user agents; any stored or
## exported copy needs the same protection as the original log file.
## Required settings
enabled = yes
log type = flb_web_log
## Optional settings, common to all log sources.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## This section supports auto-detection of log file path if section name
## is left unchanged, otherwise it can be set manually, e.g.:
## log path = /var/log/nginx/access.log
## See README for more information on 'log path = auto' option
log path = auto
## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
use inotify = yes
## see https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#setting-up-the-access-log
## NOTE(review): this format adds $request_length and $request_time to nginx's
## predefined 'combined' format. Presumably the server must write its access
## log with a matching log_format, otherwise records will not parse as
## expected - confirm against the nginx configuration in use.
log format = $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent $request_length $request_time "$http_referer" "$http_user_agent"
## Detect errors such as illegal port numbers or response codes.
## Request fields are client-controlled, so leaving this enabled is the
## safer default.
verify parsed logs = yes
## Submit structured log entries to the system journal
# submit logs to system journal = no
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
vhosts chart = yes
ports chart = yes
IP versions chart = yes
unique client IPs - current poll chart = yes
## The all-time unique client IPs chart is the only chart disabled here.
unique client IPs - all-time chart = no
http request methods chart = yes
http protocol versions chart = yes
bandwidth chart = yes
timings chart = yes
response code families chart = yes
response codes chart = yes
response code types chart = yes
SSL protocols chart = yes
## NOTE(review): 'chipher' is the spelling this key uses; do not correct it
## here unless the parser is confirmed to accept 'cipher'.
SSL chipher suites chart = yes
[Netdata daemon.log]
## Example: Log collector that will tail Netdata's daemon.log and
## generate log level charts based on custom regular expressions.
## Required settings
enabled = yes
log type = flb_tail
## Optional settings, common to all log sources.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## This section supports auto-detection of log file path if section name
## is left unchanged, otherwise it can be set manually, e.g.:
## log path = /tmp/netdata/var/log/netdata/daemon.log
## See README for more information on 'log path = auto' option
log path = auto
## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
use inotify = yes
## Submit structured log entries to the system journal
# submit logs to system journal = no
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
## Examples of extracting custom metrics from Netdata's daemon.log:
## log level chart
## All eight entries share the chart name 'log level', one entry per level,
## with case-sensitive matching ('ignore case = no').
## NOTE(review): the patterns are unanchored, so presumably a line whose
## message text merely contains e.g. 'level=error' is counted as well. Treat
## the counts as an indicator rather than an exact tally.
custom 1 chart = log level
custom 1 regex name = emergency
custom 1 regex = level=emergency
custom 1 ignore case = no
custom 2 chart = log level
custom 2 regex name = alert
custom 2 regex = level=alert
custom 2 ignore case = no
custom 3 chart = log level
custom 3 regex name = critical
custom 3 regex = level=critical
custom 3 ignore case = no
custom 4 chart = log level
custom 4 regex name = error
custom 4 regex = level=error
custom 4 ignore case = no
custom 5 chart = log level
custom 5 regex name = warning
custom 5 regex = level=warning
custom 5 ignore case = no
custom 6 chart = log level
custom 6 regex name = notice
custom 6 regex = level=notice
custom 6 ignore case = no
custom 7 chart = log level
custom 7 regex name = info
custom 7 regex = level=info
custom 7 ignore case = no
custom 8 chart = log level
custom 8 regex name = debug
custom 8 regex = level=debug
custom 8 ignore case = no
[Netdata fluentbit.log]
## Example: Log collector that will tail Netdata's
## embedded Fluent Bit's logs
## Required settings
## (this example ships disabled)
enabled = no
log type = flb_tail
## Optional settings, common to all log sources.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## This section supports auto-detection of log file path if section name
## is left unchanged, otherwise it can be set manually, e.g.:
## log path = /tmp/netdata/var/log/netdata/fluentbit.log
## See README for more information on 'log path = auto' option
log path = auto
## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
use inotify = yes
## Submit structured log entries to the system journal
# submit logs to system journal = no
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
## Examples of extracting custom metrics from fluentbit.log:
## log level chart
## Each pattern matches a bracketed level tag; the brackets are escaped so
## they are taken literally.
## NOTE(review): the leading space in '\[ info\]' suggests the level tag is
## padded to a fixed width. Confirm that warnings are really written as
## '[warning]' and not as a padded short form, otherwise custom 2 never
## matches and warnings go uncounted.
custom 1 chart = log level
custom 1 regex name = error
custom 1 regex = \[error\]
custom 1 ignore case = no
custom 2 chart = log level
custom 2 regex name = warning
custom 2 regex = \[warning\]
custom 2 ignore case = no
custom 3 chart = log level
custom 3 regex name = info
custom 3 regex = \[ info\]
custom 3 ignore case = no
custom 4 chart = log level
custom 4 regex name = debug
custom 4 regex = \[debug\]
custom 4 ignore case = no
custom 5 chart = log level
custom 5 regex name = trace
custom 5 regex = \[trace\]
custom 5 ignore case = no
[auth.log tail]
## Example: Log collector that will tail auth.log file and count
## occurrences of certain `sudo` commands, using POSIX regular expressions.
## NOTE(review): auth.log holds authentication records and is usually not
## world-readable; confirm how the collector's account is given read access
## and protect any stored or exported copy accordingly.
## Required settings
## (this example ships disabled)
enabled = no
log type = flb_tail
## Optional settings, common to all log sources.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## This section supports auto-detection of log file path if section name
## is left unchanged, otherwise it can be set manually, e.g.:
## log path = /var/log/auth.log
## See README for more information on 'log path = auto' option
log path = auto
## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
use inotify = yes
## Submit structured log entries to the system journal
# submit logs to system journal = no
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
## Examples of extracting custom metrics from auth.log:
## The COMMAND= paths below are literal: a binary installed or invoked under
## a different path is not counted, so adjust them to the paths used on the
## host and treat the charts as a coarse signal, not a complete audit.
## NOTE(review): '\b' (word boundary) is a GNU extension rather than part of
## POSIX regular expressions - confirm the regex engine in use supports it.
# custom 1 chart = failed su
# # custom 1 regex name =
# custom 1 regex = .*\bsu\b.*\bFAILED SU\b.*
# custom 1 ignore case = no
# custom 2 chart = sudo commands
# custom 2 regex name = sudo su
# custom 2 regex = .*\bsudo\b.*\bCOMMAND=/usr/bin/su\b.*
# custom 2 ignore case = yes
# custom 3 chart = sudo commands
# custom 3 regex name = sudo docker run
# custom 3 regex = .*\bsudo\b.*\bCOMMAND=/usr/bin/docker run\b.*
# custom 3 ignore case = yes