Skip to content

Commit

Permalink
move to docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@okozachenko1203
okozachenko1203 committed Oct 31, 2024
1 parent 3f0c858 commit cd7d9ea
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 47 deletions.
51 changes: 51 additions & 0 deletions doc/source/admin/monitoring.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,57 @@ Prometheus as the data source. You can find more examples of how to do
this in the Grafana Helm chart `Import Dashboards <https://github.com/grafana/helm-charts/tree/main/charts/grafana#import-dashboards>`_
documentation.

Send logs to syslog server
==========================

It is possilbe to send logs to a syslog server which has the reception
enabled via socket. You will need to simply set the following inventory
variables for vector.

.. code-block:: yaml
vector_helm_values:
customConfig:
transforms:
syslog_logs:
type: remap
inputs: ["kubernetes_logs"]
# let's make RFC 5424 compatible messages for rsyslog
# read more about the format:
# https://blog.datalust.co/seq-input-syslog/#rfc5424
source: |-
pri = 1 * 8 + to_syslog_severity(.severity) ?? 6
., err = join([
"<" + to_string(pri) + ">" + "1", # <pri>version
to_string!(.@timestamp),
to_string!(.kubernetes.pod_name || .hostname || "${VECTOR_SELF_NODE_NAME}"),
to_string!(.app || .kubernetes.labels.app || "-"),
"-", # procid
to_string!(.messageid || "-"), # msgid
"-", # structured-data
decode_base16!("EFBBBF") + to_string!(.message || encode_json(.)) # msg
], separator: " ")
if err != null {
log("Unable to construct syslog message for event:" + err + ". Dropping invalid event: " + encode_json(.), level: "error", rate_limit_secs: 10)
}
sinks:
rsyslog_general:
type: "socket"
inputs: [syslog_logs]
# rsyslog server address
address: "38.108.68.134:514"
# tcp or udp
mode: "tcp"
encoding:
codec: "text"
framing:
method: "newline_delimited"
This configures a vector transformer converting log messages to rsyslog
format and sends logs to the specified rsyslog server.

************
Viewing data
************
Expand Down
47 changes: 0 additions & 47 deletions roles/vector/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,50 +3,3 @@
This role installs and configures [Vector](https://vector.dev/) to collect all
logs from the hosts and send them to a central location, which is configured
to be the built-in Loki instance.

## Send logs to syslog server

It is possilbe to send logs to a syslog server which has the reception enabled
via socket. You will need to simply set the following inventory variables.


```yaml
vector_helm_values:
customConfig:
transforms:
syslog_logs:
type: remap
inputs: ["kubernetes_logs"]
# let's make RFC 5424 compatible messages for rsyslog
# read more about the format:
# https://blog.datalust.co/seq-input-syslog/#rfc5424
source: |-
pri = 1 * 8 + to_syslog_severity(.severity) ?? 6
., err = join([
"<" + to_string(pri) + ">" + "1", # <pri>version
to_string!(.@timestamp),
to_string!(.kubernetes.pod_name || .hostname || "${VECTOR_SELF_NODE_NAME}"),
to_string!(.app || .kubernetes.labels.app || "-"),
"-", # procid
to_string!(.messageid || "-"), # msgid
"-", # structured-data
decode_base16!("EFBBBF") + to_string!(.message || encode_json(.)) # msg
], separator: " ")
if err != null {
log("Unable to construct syslog message for event:" + err + ". Dropping invalid event: " + encode_json(.), level: "error", rate_limit_secs: 10)
}
sinks:
rsyslog_general:
type: "socket"
inputs: [syslog_logs]
# rsyslog server address
address: "38.108.68.134:514"
# tcp or udp
mode: "tcp"
encoding:
codec: "text"
framing:
method: "newline_delimited"
```

0 comments on commit cd7d9ea

Please sign in to comment.