
Rsyslog » История » Версия 2

Константин Пильник, 2022-11-30 17:14

h1. rsyslog -> elasticsearch
<pre><code class="perl">
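# elasticsearch
# Ship every message to an Elasticsearch node through omelasticsearch:
# one index per day, each document assembled by hand as a JSON object.
module(load="omelasticsearch")

# Index name rsyslog-YYYY.MM.DD, taken from the message's own timestamp
# (timereported), not from the time rsyslog received it.
template(name="elastic_date_template" type="list") {
	constant(value="rsyslog-")
	property(name="timereported" dateformat="year")
	constant(value=".")
	property(name="timereported" dateformat="month")
	constant(value=".")
	property(name="timereported" dateformat="day")
}

# Document body. option.json="on" JSON-escapes every property() value, so
# quotes, backslashes or control characters inside msg, syslogtag etc.
# cannot break out of the string field they are written into.
template(name="elastic_msg_template" type="list" option.json="on") {
	constant(value="{")
	constant(value="\"timestamp\":\"")      property(name="timereported" dateFormat="rfc3339")
	constant(value="\",\"message\":\"")     property(name="msg")
	constant(value="\",\"host\":\"")        property(name="hostname")
	constant(value="\",\"severity\":\"")    property(name="syslogseverity-text")
	constant(value="\",\"facility\":\"")    property(name="syslogfacility-text")
	constant(value="\",\"syslogtag\":\"")   property(name="syslogtag")
	constant(value="\",\"programname\":\"") property(name="programname")
	constant(value="\",\"procid\":\"")      property(name="procid")
	constant(value="\"}")
}

action(
	type="omelasticsearch"
	server="127.0.0.1"
	serverport="9200"
	# TLS to the ES endpoint. The server certificate is verified by default;
	# if the cluster uses a private CA, point tls.cacert at it instead of
	# turning verification off.
	usehttps="on"
	# HTTP basic-auth credentials are kept in clear text in this file: the
	# value below is a sample, and the real config must be readable only by
	# the rsyslog user.
	uid="elastic"
	pwd="mypass1"
	template="elastic_msg_template"
	# Index name is itself a template (elastic_date_template above).
	dynSearchIndex="on"
	searchIndex="elastic_date_template"
	# Sets the document _type. Mapping types are deprecated in Elasticsearch 7
	# and removed in 8 — check against the target cluster version.
	searchType="rsyslog"
	bulkmode="on"
	maxbytes="100m"
	# In-memory queue only: nothing survives a restart or outlives a long ES
	# outage. queue.filename/queue.saveonshutdown add disk assistance, and
	# errorfile captures records the bulk API rejects.
	queue.type="linkedlist"
	queue.size="5000"
	queue.dequeuebatchsize="300"
	# -1 = retry indefinitely rather than suspending the action.
	action.resumeretrycount="-1"
)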
</code></pre>