Daniel Jaglowski
40b485f08a
Update core for v0.90.0 release (#29539)
|
1 year ago | |
|---|---|---|
| .. | ||
| examples | 1 year ago | |
| internal | 1 year ago | |
| Makefile | 1 year ago | |
| README.md | 1 year ago | |
| config.go | 1 year ago | |
| config_test.go | 1 year ago | |
| doc.go | 1 year ago | |
| exporter.go | 1 year ago | |
| exporter_test.go | 1 year ago | |
| factory.go | 1 year ago | |
| factory_test.go | 1 year ago | |
| formatter.go | 1 year ago | |
| go.mod | 1 year ago | |
| go.sum | 1 year ago | |
| metadata.yaml | 1 year ago | |
| rfc3164_formatter.go | 1 year ago | |
| rfc3164_formatter_test.go | 1 year ago | |
| rfc5424_formatter.go | 1 year ago | |
| rfc5424_formatter_test.go | 1 year ago | |
| sender.go | 1 year ago | |
| utils.go | 1 year ago | |
| utils_test.go | 1 year ago | |
README.md
Syslog Exporter
| Status | |
|---|---|
| Stability | alpha: logs |
| Distributions | contrib |
| Issues |   |
| Code Owners | @kkujawa-sumo, @rnishtala-sumo, @astencel-sumo |
The Syslog exporter sends logs in syslog format to a remote syslog server.
It supports syslog protocols RFC5424 and RFC3164 and can send data over TCP or UDP.
The exporter aims to be compatible with the Syslog receiver.
This means that syslog messages received via the Syslog receiver and exported via the Syslog exporter should be unchanged.
Configuration
The following configuration options are available:
endpoint- (required) syslog endpointnetwork- (default =tcp) tcp/udpport- (default =514) A syslog portprotocol- (default =rfc5424) rfc5424/rfc3164rfc5424- Expects the syslog messages to be rfc5424 compliantrfc3164- Expects the syslog messages to be rfc3164 compliant
tls- configuration for TLS/mTLSinsecure(default =false) whether to enable client transport security, by default, TLS is enabled.cert_file- Path to the TLS cert to use for TLS required connections. Should only be used ifinsecureis set tofalse.key_file- Path to the TLS key to use for TLS required connections. Should only be used ifinsecureis set tofalse.ca_file- Path to the CA cert. For a client this verifies the server certificate. For a server this verifies client certificates. If empty uses system root CA. Should only be used ifinsecureis set tofalse.insecure_skip_verify- (default =false) whether to skip verifying the certificate or not.min_version(default =1.2) Minimum acceptable TLS versionmax_version(default =""handled by crypto/tls - currently TLS 1.3) Maximum acceptable TLS version.reload_interval- Specifies the duration after which the certificate will be reloaded. If not set, it will never be reloaded.
retry_on_failureenabled(default =true)initial_interval(default =5s): Time to wait after the first failure before retrying; ignored ifenabledisfalsemax_interval(default = 30s): Is the upper bound on backoff; ignored ifenabledisfalsemax_elapsed_time(default =120s): Is the maximum amount of time spent trying to send a batch; ignored ifenabledisfalse
sending_queueenabled(default =false)num_consumers(default =10): Number of consumers that dequeue batches; ignored ifenabledisfalsequeue_size(default =5000): Maximum number of batches kept in memory before data; ignored ifenabledisfalse; User should calculate this asnum_seconds * requests_per_secondwhere:num_secondsis the number of seconds to buffer in case of a backend outagerequests_per_secondis the average number of requests per seconds.storage(default =none): When set, enables persistence and uses the component specified as a storage extension for the persistent queue
timeout(default = 5s) Time to wait per individual attempt to send data to a backend
Examples
RFC5424
When configured with protocol: rfc5424, the exporter creates one syslog message for each log record,
based on the following record-level attributes of the log.
If an attribute is missing, the default value is used.
The log's timestamp field is used for the syslog message's time.
| Attribute name | Type | Default value |
|---|---|---|
appname |
string | - |
hostname |
string | - |
message |
string | empty string |
msg_id |
string | - |
priority |
int | 165 |
proc_id |
string | - |
structured_data |
map | - |
version |
int | 1 |
Here's a simplified representation of an input log record:
{
"body": "",
"timeUnixNano": 1065903255003000000,
"attributes":
{
"appname": "su",
"hostname": "mymachine.example.com",
"message": "'su root' failed for lonvick on /dev/pts/8",
"priority": 34,
}
}
And here's the output message based on the above log record:
<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - - - 'su root' failed for lonvick on /dev/pts/8
Here'a another example, this includes the structured data and other attributes:
{
"body": "",
"timeUnixNano": 1438811939693012000,
"attributes":
{
"appname": "SecureAuth0",
"hostname": "192.168.2.132",
"message": "Found the user for retrieving user's profile",
"msg_id": "ID52020",
"priority": 86,
"proc_id": "23108",
"structured_data":
{
"SecureAuth@27389":
{
"UserHostAddress":"192.168.2.132",
"Realm":"SecureAuth0",
"UserID":"Tester2",
"PEN":"27389"
}
},
"version": 1
}
}
Output:
<86>1 2015-08-05T21:58:59.693012Z 192.168.2.132 SecureAuth0 23108 ID52020 [SecureAuth@27389 UserHostAddress="192.168.2.132" Realm="SecureAuth0" UserID="Tester2" PEN="27389"] Found the user for retrieving user's profile
RFC3164
When configured with protocol: rfc3164, the exporter creates one syslog message for each log record,
based on the following record-level attributes of the log.
If an attribute is missing, the default value is used.
The log's timestamp field is used for the syslog message's time.
| Attribute name | Type | Default value |
|---|---|---|
appname |
string | empty string |
hostname |
string | - |
message |
string | empty string |
priority |
int | 165 |
Here's a simplified representation of an input log record:
{
"body": "",
"timeUnixNano": 1697062455000000000,
"attributes":
{
"appname": "su",
"hostname": "mymachine",
"message": "'su root' failed for lonvick on /dev/pts/8",
"priority": 34
}
}
Output:
<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
Please see example configurations.