itamae/cookbooks/fluentd/files/etc/td-agent/conf.d/forwarder_auth.conf

29 lines
541 B
Plaintext
Raw Normal View History

2019-03-03 08:50:49 +00:00
<source>
@type tail
path /var/log/auth.log
pos_file /var/log/td-agent/auth.pos
format syslog
tag auth
</source>
<filter auth>
@type record_transformer
<record>
message ${hostname}: ${record["message"]}
</record>
</filter>
<filter auth>
@type grep
<exclude>
key message
pattern (CRON|Did not receive identification string from|sudo|pam_unix|seat|Removed session|Received disconnect|New session|Accepted publickey|Disconnected)
</exclude>
</filter>
<match auth>
@type relabel
@label @forward
</match>