2022-11-24 19:01:40 +00:00
|
|
|
# syslog-ng, format all json into messages
|
|
|
|
|
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.23/administration-guide/63#TOPIC-1268643
|
|
|
|
|
|
2024-03-12 15:18:42 +00:00
|
|
|
@version: 4.5
|
2022-11-24 19:01:40 +00:00
|
|
|
@include "scl.conf"
|
|
|
|
|
|
|
|
|
|
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
|
|
|
|
|
dns_cache(no); owner("root"); group("adm"); perm(0640);
|
2024-03-20 11:04:12 +00:00
|
|
|
stats(freq(43200)); bad_hostname("^gconfd$"); frac-digits(9); keep-timestamp(no);
|
2022-11-24 19:01:40 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
source s_sys { system(); internal();};
|
|
|
|
|
|
|
|
|
|
destination d_mesg { file("/var/log/messages" template("$(format-json time=\"$UNIXTIME\" facility=\"$FACILITY\" host=\"$LOGHOST\" ident=\"$PROGRAM\" pid=\"$PID\" level=\"$PRIORITY\" message=\"$MESSAGE\")\n")); };
|
|
|
|
|
|
|
|
|
|
# filter ipvs loggging each SYN to closed port
|
|
|
|
|
# IPVS: rr: TCP 10.52.82.199:31021 - no destination available
|
2024-03-12 15:18:42 +00:00
|
|
|
# filter f_drop_ipvs { not (facility(kern) and match("IPVS: rr:.*no destination available" value("MESSAGE"))); };
|
2022-11-24 19:01:40 +00:00
|
|
|
# "message":"net_ratelimit: 16 callbacks suppressed"
|
2024-03-12 15:18:42 +00:00
|
|
|
# filter f_drop_ipvs_ratelimit { not (facility(kern) and match("net_ratelimit:.*callbacks suppressed" value("MESSAGE"))); };
|
|
|
|
|
# log { source(s_sys); filter(f_drop_ipvs); filter(f_drop_ipvs_ratelimit); destination(d_mesg); };
|
2022-11-24 19:01:40 +00:00
|
|
|
|
2024-03-12 15:18:42 +00:00
|
|
|
log { source(s_sys); destination(d_mesg); };
|
