# For vyos syslog Monitoring: @type syslog port 5140 bind 0.0.0.0 protocol_type tcp message_format auto tag system.vyos @type grep key message pattern (suspect value|Port3 Link|duplicate on LAN|can't get program name from|call user-defined scripts or executables|FRAG TTL expired|Port4 Link|Overriding mtu|Overriding mru|IPv6 Control Protoco) @type record_transformer message ${record["host"]}: ${record["message"]} @type null @type copy @type file path /tmp/syslog_vyos.log time_slice_format %Y%m%d time_slice_wait 1m @type relabel @label @danger