itamae/cookbooks/vector/templates/etc/promtail/syslog.yaml

server:
  disable: true

positions:
  filename: /var/opt/promtail/promtail_syslog_position.yaml

clients:
  - url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push

scrape_configs:
  - job_name: syslog
    static_configs:
    - targets:
        - localhost
      labels:
        job: syslog
        __path__: /var/log/vector/*.log

    pipeline_stages:
    - json:
        expressions:
          appname:
          hostname:
          level: severity
          message:
          timestamp:

    - labels:
        appname:
        hostname:
        level:

    - match:
        selector: '{job="syslog", level=~"(debug|DEBUG)"}'
        action: drop

    - match:
        selector: '{job="syslog", hostname="esxi-new", appname=~"(storageRM|sdrsInjector)"} |= "getting state for"'
        action: drop

    - match:
        selector: '{job="syslog", hostname="esxi-new", appname="Hostd"} |~ "(->|IpmiIfcOpenIpmiOpen|LikewiseGetDomainJoinInfo|AddVirtualMachine: VM|Solo.HttpSvc.HTTPService|VigorCallback received fault|vim.fault.InvalidPowerState|Unable to get resource settings for a powered on VM|VigorOnlineStatusCb|N7Vmacore16TimeoutExceptionE|Calculated write I/O size)"'
        action: drop

    - match:
        selector: '{job="syslog", hostname="esxi-new", appname="smartd"} |~ "(REALLOCATED SECTOR CT below threshold)"'
        action: drop

    - match:
        selector: '{job="syslog", hostname="esxi-new", appname="backup.sh"} |~ "(esx.conf|Creating archive)"'
        action: drop

    - match:
        selector: '{job="syslog", hostname="esxi-new", appname="Rhttpproxy"} |~ "(warning rhttpproxy|->|last log rotation time)"'
        action: drop

    - match:
        selector: '{job="syslog", hostname="esxi-new", appname="usbarb", level="notice"}'
        action: drop

    - match:
        selector: '{job="syslog", hostname="esxi-new", appname="vmauthd", level="notice"}'
        action: drop

    - match:
        selector: '{job="syslog", hostname="esxi-new"}'
        stages:
        - timestamp:
            source: timestamp
            format: 2006-01-02T15:04:05.999Z
            location: Etc/GMT

        - template:
            source: level
            template: '{{ regexReplaceAllLiteral "err" .Value "error" }}'

        - labeldrop:
            - appname

        - output:
            source: message

    - match:
        selector: '{job="syslog", hostname="ubnt", appname="openvpn", level="notice"}'
        action: drop

    - match:
        selector: '{job="syslog", hostname="ubnt", appname="sudo", level="info"}'
        action: drop

    - match:
        selector: '{job="syslog", hostname="ubnt"}'
        stages:
        - timestamp:
            source: timestamp
            format: 2006-01-02T15:04:05.999Z
            location: Asia/Bangkok

        - template:
            source: level
            template: '{{ regexReplaceAllLiteral "err" .Value "error" }}'

        - labels:
            level:
            hostname:

        - labeldrop:
            - appname

        - output:
            source: message

    - match:
        selector: '{job="syslog", hostname="ds418"}'
        stages:
        - timestamp:
            source: timestamp
            format: 2006-01-02T15:04:05.999Z
            location: Asia/Bangkok

        - template:
            source: level
            template: '{{ regexReplaceAllLiteral "err" .Value "error" }}'

        - labels:
            level:
            hostname:

        - labeldrop:
            - appname

        - output:
            source: message
Set up `vector` for `syslog`. 2020-10-31 07:53:32 +00:00			`server:`
			`disable: true`

			`positions:`
			`filename: /var/opt/promtail/promtail_syslog_position.yaml`

			`clients:`
			`- url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push`

			`scrape_configs:`
			`- job_name: syslog`
			`static_configs:`
			`- targets:`
			`- localhost`
			`labels:`
			`job: syslog`
			`__path__: /var/log/vector/*.log`

			`pipeline_stages:`
			`- json:`
			`expressions:`
			`appname:`
			`hostname:`
			`level: severity`
			`message:`
			`timestamp:`

			`- labels:`
			`appname:`
			`hostname:`
			`level:`

			`- match:`
			`selector: '{job="syslog", level=~"(debug\|DEBUG)"}'`
			`action: drop`

			`- match:`
			`selector: '{job="syslog", hostname="esxi-new", appname=~"(storageRM\|sdrsInjector)"} \|= "getting state for"'`
			`action: drop`

			`- match:`
Ignore "Calculated write I/O size" message. 2020-12-06 03:23:06 +00:00			`selector: '{job="syslog", hostname="esxi-new", appname="Hostd"} \|~ "(->\|IpmiIfcOpenIpmiOpen\|LikewiseGetDomainJoinInfo\|AddVirtualMachine: VM\|Solo.HttpSvc.HTTPService\|VigorCallback received fault\|vim.fault.InvalidPowerState\|Unable to get resource settings for a powered on VM\|VigorOnlineStatusCb\|N7Vmacore16TimeoutExceptionE\|Calculated write I/O size)"'`
Set up `vector` for `syslog`. 2020-10-31 07:53:32 +00:00			`action: drop`

			`- match:`
			`selector: '{job="syslog", hostname="esxi-new", appname="smartd"} \|~ "(REALLOCATED SECTOR CT below threshold)"'`
			`action: drop`

			`- match:`
			`selector: '{job="syslog", hostname="esxi-new", appname="backup.sh"} \|~ "(esx.conf\|Creating archive)"'`
			`action: drop`

			`- match:`
Ignore "Last log rotation time" message. 2020-12-06 03:23:39 +00:00			`selector: '{job="syslog", hostname="esxi-new", appname="Rhttpproxy"} \|~ "(warning rhttpproxy\|->\|last log rotation time)"'`
Modify `promtail` config for `syslog` monitoring. 2020-11-12 07:10:00 +00:00			`action: drop`

			`- match:`
			`selector: '{job="syslog", hostname="esxi-new", appname="usbarb", level="notice"}'`
			`action: drop`

			`- match:`
			`selector: '{job="syslog", hostname="esxi-new", appname="vmauthd", level="notice"}'`
Set up `vector` for `syslog`. 2020-10-31 07:53:32 +00:00			`action: drop`

			`- match:`
			`selector: '{job="syslog", hostname="esxi-new"}'`
			`stages:`
			`- timestamp:`
			`source: timestamp`
			`format: 2006-01-02T15:04:05.999Z`
			`location: Etc/GMT`

			`- template:`
			`source: level`
			`template: '{{ regexReplaceAllLiteral "err" .Value "error" }}'`

			`- labeldrop:`
			`- appname`

			`- output:`
			`source: message`

			`- match:`
			`selector: '{job="syslog", hostname="ubnt", appname="openvpn", level="notice"}'`
			`action: drop`

			`- match:`
			`selector: '{job="syslog", hostname="ubnt", appname="sudo", level="info"}'`
			`action: drop`

			`- match:`
			`selector: '{job="syslog", hostname="ubnt"}'`
			`stages:`
Modify `promtail` config for `syslog` monitoring. 2020-11-12 07:10:00 +00:00			`- timestamp:`
			`source: timestamp`
			`format: 2006-01-02T15:04:05.999Z`
			`location: Asia/Bangkok`

			`- template:`
			`source: level`
			`template: '{{ regexReplaceAllLiteral "err" .Value "error" }}'`
Set up `vector` for `syslog`. 2020-10-31 07:53:32 +00:00
Modify `promtail` config for `syslog` monitoring. 2020-11-12 07:10:00 +00:00			`- labels:`
			`level:`
			`hostname:`

			`- labeldrop:`
			`- appname`

			`- output:`
			`source: message`

			`- match:`
			`selector: '{job="syslog", hostname="ds418"}'`
			`stages:`
Set up `vector` for `syslog`. 2020-10-31 07:53:32 +00:00			`- timestamp:`
			`source: timestamp`
			`format: 2006-01-02T15:04:05.999Z`
			`location: Asia/Bangkok`

			`- template:`
			`source: level`
			`template: '{{ regexReplaceAllLiteral "err" .Value "error" }}'`

			`- labels:`
			`level:`
			`hostname:`

			`- labeldrop:`
			`- appname`

			`- output:`
			`source: message`