From e113a42adea09d76a70cd566a4cfb52f015573cc Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Fri, 22 Oct 2021 15:19:30 +0900
Subject: [PATCH] Modify `syslog.toml` to directly sending logs to `Loki`.
---
 cookbooks/vector/files/etc/vector/syslog.toml | 44 +++++++++++++++----
 1 file changed, 36 insertions(+), 8 deletions(-)
diff --git a/cookbooks/vector/files/etc/vector/syslog.toml b/cookbooks/vector/files/etc/vector/syslog.toml
index 1848a9f..0db363d 100644
--- a/cookbooks/vector/files/etc/vector/syslog.toml
+++ b/cookbooks/vector/files/etc/vector/syslog.toml
@@ -5,12 +5,40 @@ data_dir = "/var/lib/vector"
 mode = "tcp" # required
 type = "syslog" # required
-[sinks.syslog-file]
- # General
- type = "file" # required
- inputs = ["syslog"] # required
- healthcheck = true # optional, default
- path = "/var/log/vector/syslog.log" # required
+[transforms.reformat-syslog]
+ type = "remap"
+ inputs = [ "syslog" ]
+ source = """
+ if contains(.severity, "err") {
+ .severity = "error"
+ }
+
+ .sev_filter = !includes(["info", "debug", "notice"], .severity)
+ .msg_filter, err = !match_any(.message, [r'->', r'already registered', r'pam_unix(sudo:session)', r'/opt/vyatta/sbin/ubnt_vtysh', r'ERROR_FILE_NOT_FOUND', r'IpmiIfcOpenIpmiOpen', r'REALLOCATED SECTOR CT below threshold'])
+ """
+
+[transforms.filter-syslog]
+ type = "filter"
+ inputs = [ "reformat-syslog" ]
+ condition = '.sev_filter == true && .msg_filter == true'
+
+[sinks.docker-logs]
+ type = "loki"
+ inputs = ["filter-syslog"]
+ endpoint = "http://192.168.10.101:3100"
+ healthcheck = true
+ remove_timestamp = true
+
+ encoding.codec = "text"
+
+ labels.level = "{{ severity }}"
+ labels.job = "syslog"
+ labels.hostname = "{{ host }}"
+
+[sinks.file]
+ type = "file"
+ inputs = ["reformat-syslog"]
+ compression = "none"
+ path = "/tmp/vector-%Y-%m-%d.log"
+ encoding = "ndjson"
- # Encoding
- encoding.codec = "ndjson" # required
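Review bot: The new `[sinks.file]` writes the unfiltered `reformat-syslog` stream to `/tmp/vector-%Y-%m-%d.log`, a predictable name in a directory that is normally world-writable, so another local user could pre-create or symlink that path, and who can read the resulting file depends on the umask Vector runs with. If the sink is meant to stay, keep it under the directory the removed sink used, for example `path = "/var/log/vector/syslog-%Y-%m-%d.log"`. In the `match_any` list, `r'pam_unix(sudo:session)'` treats the parentheses as a regex group, so it does not match the literal `pam_unix(sudo:session)` text; `r'pam_unix\(sudo:session\)'` would, although dropping sudo session records and every `info`/`notice` event before Loki also removes entries an investigation usually relies on, so that choice deserves a comment in the file. The Loki `endpoint` is plain `http://` with no auth settings visible in this hunk, so log content crosses the network in clear text unless something outside the patch protects that link.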