itamae/cookbooks/fluentd/files/etc/td-agent/conf.d/syslog_vyos.conf

# For vyos syslog Monitoring:
<source>
  @type syslog
  port 5140
  bind 0.0.0.0
  protocol_type tcp
  message_format auto
  tag system.vyos
</source>

<filter system.vyos.**>
  @type grep

  <exclude>
    key message
    pattern (suspect value|Port3 Link|duplicate on LAN|can't get program name from|call user-defined scripts or executables|FRAG TTL expired|Port4 Link|Overriding mtu|Overriding mru|IPv6 Control Protoco)
  </exclude>
</filter>

<filter system.vyos.**>
  @type record_transformer
  <record>
    message ${record["host"]}: ${record["message"]}
  </record>
</filter>

<match system.vyos.**.{debug,info,notice}>
  @type null
</match>

<match system.vyos.**.{warn,err,crit,alert,emerg}>
  @type copy

  <store>
    @type file
    path /tmp/syslog_vyos.log
    time_slice_format %Y%m%d
    time_slice_wait 1m
  </store>

  <store>
    @type relabel
    @label @danger
  </store>
</match>
initial commit 2019-03-03 08:50:49 +00:00			`# For vyos syslog Monitoring:`
			`<source>`
			`@type syslog`
			`port 5140`
			`bind 0.0.0.0`
			`protocol_type tcp`
			`message_format auto`
			`tag system.vyos`
			`</source>`

			`<filter system.vyos.**>`
			`@type grep`

			`<exclude>`
			`key message`
			`pattern (suspect value\|Port3 Link\|duplicate on LAN\|can't get program name from\|call user-defined scripts or executables\|FRAG TTL expired\|Port4 Link\|Overriding mtu\|Overriding mru\|IPv6 Control Protoco)`
			`</exclude>`
			`</filter>`

			`<filter system.vyos.**>`
			`@type record_transformer`
			`<record>`
			`message ${record["host"]}: ${record["message"]}`
			`</record>`
			`</filter>`

			`<match system.vyos.**.{debug,info,notice}>`
			`@type null`
			`</match>`

			`<match system.vyos.**.{warn,err,crit,alert,emerg}>`
			`@type copy`

			`<store>`
			`@type file`
			`path /tmp/syslog_vyos.log`
			`time_slice_format %Y%m%d`
			`time_slice_wait 1m`
			`</store>`

			`<store>`
			`@type relabel`
			`@label @danger`
			`</store>`
			`</match>`