# Tail the host's syslog file. The vector process needs read access to this
# path; on Debian-family systems the file is typically owned by root:adm and
# not world-readable, so a group grant is usually required.
[sources.syslog_file_logs]
type = "file"
include = ["/var/log/syslog"]
# Applies to files vector has not checkpointed before: start at the end so
# history already on disk is not re-ingested. Lines written before vector
# first starts are therefore never collected.
read_from = "end"
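# Normalise raw syslog lines into a small, fixed schema before they are indexed.
[transforms.parse_syslog_file_logs]
type = "remap"
inputs = ["syslog_file_logs"]
source = '''
source_file = .file
source_syslog_message = .message

syslog_message, err = parse_syslog(source_syslog_message)

# A line that is not valid syslog is dropped here (remap's default on abort);
# nothing downstream sees it, so parse failures are invisible unless the
# transform's dropped-event output is wired to a sink for inspection.
if err != null {
  abort
}

# Rebuild the event from scratch so only the fields below reach the sink.
# Everything else parse_syslog extracted (hostname, appname, severity, ...)
# is discarded at this point.
. = {}
# Ingestion time, not the timestamp carried in the syslog header; the
# original event time is in syslog_message.timestamp if timelines need it.
.timestamp = now()
.message = syslog_message.message
.file = source_file
# Stable per-event identifier. A sink that uses it as the document id will
# overwrite rather than duplicate when a batch is retried; without this field
# a sink's id_key would refer to nothing.
.event_uuid = uuid_v4()
'''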
# Ship the normalised events to Elasticsearch.
[sinks.syslog_file_to_es]
type = "elasticsearch"
inputs = ["parse_syslog_file_logs"]
# Basic credentials are attached to every request, so this endpoint must be
# served over TLS or they cross the network in clear text.
endpoint = "{{ elastic_url }}"
compression = "none"
healthcheck = true
# Document id is taken from this field of each event. It must be present on
# the events the upstream transform emits; when it is missing, Elasticsearch
# typically assigns its own id and re-sent events become duplicates.
id_key = "event_uuid"

# The {{ ... }} values are rendered by the templating engine that produces
# this file; TOML itself performs no substitution.
[sinks.syslog_file_to_es.auth]
strategy = "basic"
user = "{{ elastic_login }}"
password = "{{ elastic_password }}"

[sinks.syslog_file_to_es.normal]
index = "system-logs"