alpine-overlay/kubezero/zdt-base/syslog-ng.conf

28 lines
1.2 KiB
Plaintext
Raw Permalink Normal View History

# syslog-ng, format all json into messages
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.23/administration-guide/63#TOPIC-1268643
@version: 4.5
@include "scl.conf"
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
dns_cache(no); owner("root"); group("adm"); perm(0640);
stats(freq(43200)); bad_hostname("^gconfd$"); frac-digits(9); keep-timestamp(no);
};
source s_sys { system(); internal();};
destination d_mesg { file("/var/log/messages" template("$(format-json time=\"$UNIXTIME\" facility=\"$FACILITY\" host=\"$LOGHOST\" ident=\"$PROGRAM\" pid=\"$PID\" level=\"$PRIORITY\" message=\"$MESSAGE\")\n")); };
# filter ipvs loggging each SYN to closed port
# IPVS: rr: TCP 10.52.82.199:31021 - no destination available
# filter f_drop_ipvs { not (facility(kern) and match("IPVS: rr:.*no destination available" value("MESSAGE"))); };
# "message":"net_ratelimit: 16 callbacks suppressed"
# filter f_drop_ipvs_ratelimit { not (facility(kern) and match("net_ratelimit:.*callbacks suppressed" value("MESSAGE"))); };
# log { source(s_sys); filter(f_drop_ipvs); filter(f_drop_ipvs_ratelimit); destination(d_mesg); };
log {
source(s_sys);
destination(d_mesg);
};