src/logsmanagement/stock_conf/logsmanagement.d/example_syslog.conf
[syslog tail]
## Example: Log collector that will tail the syslog file and count
## occurences of certain keywords, using POSIX regular expressions.
## Required settings
enabled = no
log type = flb_tail
## Optional settings, common to all log source.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## This section supports auto-detection of log file path if section name
## is left unchanged, otherwise it can be set manually, e.g.:
## log path = /var/log/syslog
## log path = /var/log/messages
## See README for more information on 'log path = auto' option
log path = auto
## Use inotify instead of file stat watcher. Set to 'no' to reduce CPU usage.
use inotify = yes
## Submit structured log entries to the system journal
# submit logs to system journal = no
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
## Examples of extracting custom metrics from syslog:
# custom 1 chart = identifier
# custom 1 regex name = kernel
# custom 1 regex = .*\bkernel\b.*
# custom 1 ignore case = no
# custom 2 chart = identifier
# custom 2 regex name = systemd
# custom 2 regex = .*\bsystemd\b.*
# custom 2 ignore case = no
# custom 3 chart = identifier
# custom 3 regex name = CRON
# custom 3 regex = .*\bCRON\b.*
# custom 3 ignore case = no
# custom 3 chart = identifier
# custom 3 regex name = netdata
# custom 3 regex = .*\netdata\b.*
# custom 3 ignore case = no
[syslog Unix socket]
## Example: Log collector that will listen for RFC-3164 syslog on a UNIX
## socket that will be created on /tmp/netdata-syslog.sock .
## Required settings
enabled = no
log type = flb_syslog
## Optional settings, common to all log source.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## Netdata will create this socket if mode == unix_tcp or mode == unix_udp,
## please ensure the right permissions exist for this path
log path = /tmp/netdata-syslog.sock
## Ruby Regular Expression to define expected syslog format
## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined
## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/
## Set up configuration specific to flb_syslog
## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters
## Modes supported are: unix_tcp, unix_udp, tcp, udp
mode = unix_udp
# listen = 0.0.0.0
# port = 5140
unix_perm = 0666
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
priority value chart = yes
severity chart = yes
facility chart = yes
[syslog TCP socket]
## Example: Log collector that will listen for RFC-3164 syslog,
## incoming via TCP on localhost IP and port 5140.
## Required settings
enabled = no
log type = flb_syslog
## Optional settings, common to all log source.
## Uncomment to override global equivalents in netdata.conf.
# update every = 1
# update timeout = 10
# use log timestamp = auto
# circular buffer max size MiB = 64
# circular buffer drop logs if full = no
# compression acceleration = 1
# db mode = none
# circular buffer flush to db = 6
# disk space limit MiB = 500
## Netdata will create this socket if mode == unix_tcp or mode == unix_udp,
## please ensure the right permissions exist for this path
# log path = /tmp/netdata-syslog.sock
## Ruby Regular Expression to define expected syslog format
## Please make sure <PRIVAL>, <SYSLOG_TIMESTAMP>, <HOSTNAME>, <SYSLOG_IDENTIFIER>, <PID> and <MESSAGE> are defined
## see also https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
log format = /^\<(?<PRIVAL>[0-9]+)\>(?<SYSLOG_TIMESTAMP>[^ ]* {1,2}[^ ]* [^ ]* )(?<HOSTNAME>[^ ]*) (?<SYSLOG_IDENTIFIER>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<PID>[0-9]+)\])?(?:[^\:]*\:)? *(?<MESSAGE>.*)$/
## Set up configuration specific to flb_syslog
## see also https://docs.fluentbit.io/manual/pipeline/inputs/syslog#configuration-parameters
## Modes supported are: unix_tcp, unix_udp, tcp, udp
mode = tcp
listen = 0.0.0.0
port = 5140
# unix_perm = 0666
## Charts to enable
# collected logs total chart enable = no
# collected logs rate chart enable = yes
priority value chart = yes
severity chart = yes
facility chart = yes