# VyOS syslog monitoring: network listener that receives syslog from the routers.
# in_syslog appends facility and priority to the configured tag, so events leave
# this source as system.vyos.<facility>.<priority>; the <match> blocks in this
# file route on that trailing priority.
<source>
  @type syslog
  port 5140
  # NOTE(review): 0.0.0.0 listens on every interface. Plain TCP syslog carries no
  # sender authentication and no encryption, so any host that can reach 5140 can
  # submit events. Consider binding to the management address and/or firewalling
  # the port to the router addresses; TLS via a <transport tls> section is an
  # option if the deployed Fluentd version supports it - confirm.
  bind 0.0.0.0
  protocol_type tcp
  # auto = detect the syslog message format (RFC 3164 vs RFC 5424) per message.
  message_format auto
  tag system.vyos
</source>

# Noise suppression: drop events whose "message" field matches any of the
# alternatives in the pattern below.
<filter system.vyos.**>
  @type grep

  <exclude>
    key message
    # The pattern is an unanchored regex, so each alternative is a substring match
    # anywhere in the message. This filter is declared before the severity routing,
    # so an event containing one of these phrases is discarded whatever its
    # priority, including err/crit. Keep the phrases as specific as possible.
    # NOTE(review): "IPv6 Control Protoco" looks truncated; as a substring it still
    # matches "IPv6 Control Protocol" - confirm that is intended.
    pattern (suspect value|Port3 Link|duplicate on LAN|can't get program name from|call user-defined scripts or executables|FRAG TTL expired|Port4 Link|Overriding mtu|Overriding mru|IPv6 Control Protoco)
  </exclude>
</filter>

# Prefix each message with the reporting host so downstream outputs show which
# device logged it. Declared after the grep filter, so the exclude patterns above
# are matched against the original message text, without this prefix.
<filter system.vyos.**>
  @type record_transformer
  <record>
    # NOTE(review): "host" is presumably the hostname parsed from the syslog header,
    # i.e. a value supplied by the sender rather than the peer address of the
    # connection. If attribution matters, in_syslog's source_address_key /
    # source_hostname_key can record the connecting peer as well - confirm.
    message ${record["host"]}: ${record["message"]}
  </record>
</filter>

# Discard low-severity events (debug, info, notice). Nothing is stored or
# forwarded for these priorities.
# NOTE(review): devices often log successful logins and configuration changes at
# info/notice. If those are needed for audit or incident response, route the
# relevant facilities to storage before this block - verify against what VyOS
# actually emits at these levels.
<match system.vyos.**.{debug,info,notice}>
  @type null
</match>

# Events at warn and above are duplicated to two destinations: a local file and
# the @danger label.
<match system.vyos.**.{warn,err,crit,alert,emerg}>
  @type copy

  <store>
    @type file
    # path is a prefix; out_file adds the time slice to the file name.
    # NOTE(review): /tmp is normally world-writable and is often cleared on reboot.
    # A log directory owned by the Fluentd user with restrictive permissions keeps
    # other local users from pre-creating or reading these files and lets the
    # records survive a restart - confirm the intended retention.
    path /tmp/syslog_vyos.log
    # One output file per day.
    time_slice_format %Y%m%d
    # Wait one minute after a slice ends before flushing, to allow for late events.
    time_slice_wait 1m
  </store>

  <store>
    # Re-emit the event into the <label @danger> pipeline. That label is not
    # defined in this part of the configuration and must exist elsewhere.
    @type relabel
    @label @danger
  </store>
</match>