Skip to content

Instantly share code, notes, and snippets.

@nbari

nbari/syslog-ng

Created November 27, 2017 15:36
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
syslog-ng 2 elasticsearch
Raw
syslog-ng
# This file is managed by Puppet. DO NOT EDIT.
# This file was generated by Puppet's ihrwein-syslog_ng module
@version: 3.8
@module mod-java
@include "scl.conf"
options {
chain_hostnames(yes);
keep_hostname(no);
log_fifo_size(1000);
normalize_hostnames(yes);
time_reopen(10);
ts-format(iso);
use_dns(no);
};
parser p_audit {
linux-audit-parser(
);
};
filter f_audit {
message(
"msg=audit"
);
};
source s_local {
systemd-journal(
prefix(
.SDATA.journald.
)
);
};
source s_remote {
syslog(
transport(
tcp
)
);
};
destination d_all {
file(
/var/log/all.log
);
};
destination d_audit {
file(
"/var/log/remote/${HOST}/${YEAR}/${MONTH}/${DAY}/audit.log",
create-dirs(
yes
)
);
};
destination d_elastic {
elasticsearch2(
client_mode(
"http"
),
cluster_url(
"http://10.20.20.13:9200"
),
index(
"syslog-ng_${YEAR}.${MONTH}.${DAY}"
),
type(
"syslog"
),
cluster(
"elasticsearch"
),
flush_limit(
"0"
),
template(
"$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)"
)
);
};
destination d_logs {
file(
"/var/log/remote/${HOST}/${YEAR}/${MONTH}/${DAY}/$FACILITY.log",
create-dirs(
yes
)
);
};
log {
source(s_remote);
filter(f_audit);
parser(p_audit);
destination(d_audit);
destination(d_elastic);
flags(final flow-control);
};
log {
source(s_local);
destination(d_all);
destination(d_elastic);
flags(flow-control);
};
log {
source(s_remote);
destination(d_logs);
destination(d_elastic);
flags(flow-control);
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment