itamae/cookbooks/fluentd/files/etc/td-agent/conf.d/syslog_vyos.conf


# Syslog receiver for VyOS devices.
# Accepts syslog over TCP on port 5140 and emits events under the tag prefix
# system.vyos; the <match> sections in this file route on the trailing
# severity component of the tag.
# NOTE(review): this section configures no TLS and no sender authentication,
# and bind 0.0.0.0 listens on every interface, so any host that can reach
# 5140/tcp can submit events. Restrict the port with a host or network
# firewall to the VyOS management addresses, or bind to the management
# interface only.
# NOTE(review): protocol_type appears to be deprecated in Fluentd v1 in favour
# of a <transport tcp> section - confirm against the deployed td-agent version.
<source>
@type syslog
port 5140
# Listens on all interfaces; see the exposure note above.
bind 0.0.0.0
protocol_type tcp
# auto: let the parser detect the syslog format (RFC 3164 or RFC 5424).
message_format auto
tag system.vyos
</source>
# Noise suppression: drops every system.vyos event whose "message" field
# matches the pattern below.
# The pattern is an unanchored regular-expression alternation, so a match
# anywhere in the message excludes the event. This filter is placed before the
# severity routing, which means events of any severity (including warn and
# above) are dropped when they contain one of these strings.
# NOTE(review): consider narrowing the exclusions (anchor them, or also match
# on the emitting program) so that unrelated or sender-crafted text containing
# one of these phrases cannot hide a high-severity event.
# NOTE(review): the last alternative "IPv6 Control Protoco" looks truncated;
# it still matches "IPv6 Control Protocol" as a substring - confirm intent.
<filter system.vyos.**>
@type grep
<exclude>
key message
pattern (suspect value|Port3 Link|duplicate on LAN|can't get program name from|call user-defined scripts or executables|FRAG TTL expired|Port4 Link|Overriding mtu|Overriding mru|IPv6 Control Protoco)
</exclude>
</filter>
# Rewrites "message" to "<host>: <message>" so downstream outputs show which
# device the line came from. It is placed after the grep filter, so the exclude
# patterns are evaluated against the original, unprefixed message.
# NOTE(review): "host" is presumably the hostname field parsed out of the
# syslog line, i.e. a value chosen by the sender, not the peer address of the
# TCP connection. For attribution that does not depend on sender-supplied
# text, in_syslog's source_address_key / source_hostname_key can record the
# connecting peer - confirm availability in the deployed version.
<filter system.vyos.**>
@type record_transformer
<record>
message ${record["host"]}: ${record["message"]}
</record>
</filter>
# Discards events whose tag ends in debug, info or notice; nothing in this file
# stores them.
# NOTE(review): login, session and configuration-change messages are commonly
# logged at info or notice. If they are needed for investigation or audit,
# confirm that another pipeline retains them, or archive them here instead of
# sending them to null.
<match system.vyos.**.{debug,info,notice}>
@type null
</match>
# Routes events whose tag ends in warn, err, crit, alert or emerg to two
# outputs at once (copy): a local file and the @danger label.
<match system.vyos.**.{warn,err,crit,alert,emerg}>
@type copy
<store>
@type file
# NOTE(review): /tmp is normally world-writable and subject to periodic
# cleanup. Log files written there may be readable by other local users, may
# collide with pre-created files or symlinks, and may be deleted by tmp
# cleaners. Prefer a dedicated log directory owned by the td-agent user with
# restrictive permissions.
path /tmp/syslog_vyos.log
# Daily file slices (%Y%m%d); time_slice_wait presumably delays flushing a
# slice by one minute to catch late events - confirm for the deployed version.
time_slice_format %Y%m%d
time_slice_wait 1m
</store>
<store>
# Re-emits the event into the @danger label. That label is not defined in this
# file; its handling (presumably alerting) lives elsewhere in the td-agent
# configuration.
@type relabel
@label @danger
</store>
</match>