rsyslog_docker/rsyslog/rsyslog.d/01-json-template.conf
Maxim Malakhov 375312784b first commit
2024-09-30 16:22:59 +03:00

48 lines
2.0 KiB
Plaintext

template(name="json-template" type="list") {
constant(value="{")
constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"@version\":\"1")
constant(value="\",\"message\":\"") property(name="msg" format="json")
constant(value="\",\"sysloghost\":\"") property(name="hostname")
constant(value="\",\"fromhost-ip\":\"") property(name="fromhost-ip")
constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
constant(value="\",\"programname\":\"") property(name="programname")
constant(value="\",\"procid\":\"") property(name="procid")
constant(value="\",\"syslog-tag\":\"") property(name="syslogtag")
constant(value="\"}\n")
}
# if you experience problems, check:
# http://www.rsyslog.com/troubleshoot
# ### MODULES ####
# module(load="omkafka")
# template(name="json_lines" type="list" option.json="on") {
# constant(value="{")
# constant(value="\"timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
# constant(value="\",\"message\":\"") property(name="msg")
# constant(value="\",\"host\":\"") property(name="hostname")
# constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
# constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
# constant(value="\",\"syslog-tag\":\"") property(name="syslogtag")
# constant(value="\"}")
# }
# main_queue(
# queue.workerthreads="1" # threads to work on the queue
# queue.dequeueBatchSize="1" # max number of messages to process at once
# queue.size="1000" # max queue size
# )
# action(
# broker=["kafka:9092"]
# type="omkafka"
# template="json_lines"
# topic="test_topic_1"
# action.resumeRetryCount="-1"
# action.reportsuspension="on"
# )