nsyslog/examples/config/cfg001.json

Modular new generation log agent. Reads, transform, aggregate, correlate and send logs from sources to destinations

{
	"include" : [
		"cfg001/inputs.json",
		"cfg001/processors.json",
		"cfg001/transporters.json"
	],

	"config" : {
		"input" : {"buffer" : 1000},
		"process" : {"buffer": 1000}
	},

	"filters" : {
		"fromUDP" : "${server.protocol}=='udp4'",
		"localhost" : "${client.address}=='127.0.0.1'",
		"interface" : "${client.address}!='127.0.0.1'",
		"httpOk" : "${message}.match(/ 200/)",
		"httpRed" : "${message}.match(/ 302/)",
		"httpErr" : "${message}.match(/ (404|500)/)"
	},

	"filterGroups" : {
	},

	"flows" : [
		{
			"from":"localhost", "disabled":true, "when":["httpOk"], "transporters":"log", "mode":"parallel",
			"flows" : [
				{"when":["httpOk"], "transporters":"log", "mode":"parallel"},
				{"when":["httpRed"], "transporters":"warn", "mode":"parallel"},
				{"when":["httpErr"], "transporters":"error", "mode":"serial"}
			]
		},
		{"from":"interface", "disabled":true, "processors":["stats"], "transporters":["debug"], "mode":"serial"},
		{"from":"${id}=='glob'", "disabled":false, "transporters":["debug"], "mode":"serial"},
		{"from":"*", "disabled":true, "processors":["syslog"], "transporters":["debug"], "mode":"serial"},
		{"from":"*", "disabled":false, "transporters":["warn"], "mode":"serial"}
	]
}