# __ __ __
# \ \ / / / /
# \ V / / /
# \_/ \/
#
# V E C T O R
# Configuration
#
# ------------------------------------------------------------------------------
# Website: https://vector.dev
# Docs: https://vector.dev/docs
# Chat: https://chat.vector.dev
# ------------------------------------------------------------------------------
# Change this to use a non-default directory for Vector data storage:
# data_dir = "/var/lib/vector"
#>GNUNUX
# Site override of the packaged default shown above: Vector keeps its
# on-disk data under this directory.
# NOTE(review): the directory presumably has to exist and be writable by the
# account Vector runs as, and should not be readable by other local users;
# confirm against the deployment.
data_dir = "/srv/vector"
#<GNUNUX
# Random Syslog-formatted logs
#>GNUNUX
#[sources.dummy_logs]
#type = "demo_logs"
#format = "syslog"
#interval = 1
{% if general.vector.client_addresses %}
#from journal
# Listener for events pushed by other Vector instances; rendered only when
# general.vector.client_addresses is set.
# NOTE(review): no tls.* options are set on this source, so as written it
# accepts plaintext connections from any peer that can reach the port.
# Restricting it to the configured client addresses presumably happens
# outside this file (firewall?). Confirm that, or enable TLS with client
# certificate verification here.
[sources.vector_client]
type = "vector"
# NOTE(review): the loop below writes one `address` key per entry of
# general.vector.listen_addresses. TOML rejects a repeated key, so this
# renders a loadable file only when the list has exactly one entry.
# Port 8686 is also the port of the [api] listener on 127.0.0.1 further
# down; a loopback or wildcard listen address would collide with it.
{% for address in general.vector.listen_addresses %}
address = "{{ address }}:8686"
{% endfor %}
{% endif %}
# Journal source; its events are consumed by transforms.filter_logs.
[sources.remote_journal]
type = "journald"
#journal_directory = "/var/log/journal/remote/"
# Vector runs this program instead of the system journalctl. It is a local
# wrapper whose contents are not shown here; it executes with Vector's
# privileges, so it should be owned by root and not writable by the account
# Vector runs as.
# NOTE(review): presumably the wrapper points journalctl at the remote
# journal directory that is commented out above; confirm.
journalctl_path = "/usr/local/lib/sbin/vector_journalctl"
current_boot_only = false
#<GNUNUX
# Parse Syslog logs
# See the Vector Remap Language reference for more info: https://vrl.dev
#>GNUNUX
#[transforms.parse_logs]
#type = "remap"
#inputs = ["dummy_logs"]
#source = '''
#. = parse_syslog!(string!(.message))
#'''
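# Keeps only the events for which the condition below evaluates to true;
# everything else is dropped before parsing and shipping.
[transforms.filter_logs]
type = "filter"
# The input list mirrors the guard around sources.vector_client: that source
# only exists when general.vector.client_addresses is set.
{% if general.vector.client_addresses %}
inputs = ["vector_client", "remote_journal"]
{% else %}
inputs = ["remote_journal"]
{% endif %}
# The condition text is pasted in verbatim from accounts.vector_conditions.
# A multi-line literal string is used so that single quotes inside the
# expression (for example VRL regex literals written r'...') do not end the
# TOML string early. The value must still not contain three consecutive
# single quotes. Whoever can edit that variable decides which events are
# forwarded, so changes to it deserve the same review as this file.
condition = '''{{ accounts.vector_conditions }}'''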
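# Reduces each event that passed filter_logs to the fields sent to the sink.
[transforms.parse_logs]
type = "remap"
inputs = ["filter_logs"]
# "syslog_identifier": .SYSLOG_IDENTIFIER,
source = '''
# Entries without SYSLOG_IDENTIFIER are identified by their systemd unit.
if is_null(.SYSLOG_IDENTIFIER) {
  .SYSLOG_IDENTIFIER = ._SYSTEMD_UNIT
}

# Severity name derived from the numeric PRIORITY. An entry with a missing
# or unparsable PRIORITY gets an empty severity: the earlier fallback of 0
# labelled such entries "emerg", the highest level, which skews any alert
# keyed on severity. 8 lies outside the syslog range 0-7, so
# to_syslog_level fails for it and the "" fallback applies.
.severity = to_syslog_level(to_int(.PRIORITY) ?? 8) ?? ""
if is_null(.PRIORITY) {
  .severity = ""
}

# Replace the whole event with the reduced record.
# NOTE(review): for events arriving through vector_client, .host and the
# other fields are presumably whatever the sending instance supplied;
# confirm before treating "hostname" as authoritative.
. = {
  "message": .message,
  "timestamp": .timestamp,
  "hostname": .host,
  "priority": .PRIORITY,
  "identifier": .SYSLOG_IDENTIFIER,
  "uid": ._UID,
  "gid": ._GID,
  "pid": ._PID,
  "severity": .severity
}
'''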
#<GNUNUX
# Print parsed logs to stdout
#>GNUNUX
#[sinks.print]
#type = "console"
#inputs = ["parse_logs"]
#encoding.codec = "json"
#[sinks.file_text_output]
#type = "file"
#inputs = ["parse_logs"]
#encoding.codec = "json"
#{% raw %}path = "/srv/vector/logs/by-host/{{ hostname }}/%Y-%m-%d.log"{% endraw %}
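# Ships the records produced by parse_logs to Loki, JSON-encoded.
# The label values further down are Vector event templates, kept away from
# the Jinja renderer by the raw block. The host label used to carry a
# leading space inside its quotes, so a selector on the bare hostname never
# matched; the space is removed here. Streams written before this change
# keep the old label value.
# NOTE(review): the app label comes from the event's identifier field. If
# remote senders can set that field freely, the number of Loki streams is
# unbounded; confirm the set of identifiers is small.
[sinks.loki_output]
type = "loki"
inputs = ["parse_logs"]
# NOTE(review): plain http, and no auth.* or tls.* options are set, so log
# content crosses the network unencrypted and the sink does not authenticate
# itself to Loki. Acceptable only on a trusted segment; otherwise front Loki
# with TLS and credentials and switch this endpoint to https.
endpoint = "http://{{ general.loki.server_domainname }}:3100"
encoding.codec = "json"
{%- raw %}
labels = {app="{{ identifier }}", host="{{ hostname }}", severity="{{ severity }}"}
{% endraw -%}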
#<GNUNUX
# Vector's GraphQL API (disabled by default)
# Uncomment to try it out with the `vector top` command or
# in your browser at http://localhost:8686
#[api]
#enabled = true
#address = "127.0.0.1:8686"
#>GNUNUX
# Enabled here, unlike the packaged default shown above. The listener is
# bound to loopback only, and no access control for it is configured in this
# file, so the bind address is what keeps the API off the network; do not
# widen it.
# NOTE(review): port 8686 is also used by sources.vector_client. If one of
# that source's listen addresses is loopback or a wildcard, the two
# listeners collide.
[api]
enabled = true
address = "127.0.0.1:8686"
#<GNUNUX