UNPKG

nsyslog

Version:

Modular new generation log agent. Reads, transform, aggregate, correlate and send logs from sources to destinations

github.com/solzimer/nsyslog

solzimer/nsyslog

96 lines (90 loc) 2.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
{ "config" : { "datadir" : "/tmp/nsyslog1", "wmdir" : "/tmp/wms1", "input" : {"maxPending" : 1000}, "buffer" : {"maxPending": 1000}, "processor" : {"maxPending": 1000}, "transporter" : {"maxPending": 1000} }, "inputs" : { "w_1" : { "type" : "windows", "disabled" : false, "config" : { "readmode" : "watermark", "offset" : "start", "channel" : "Security", "batchsize" : 5000, "idfilter": [ 5376,5377,5453,6273,6274,6275,6276,6277,6278,6279,6280,6416,4965,4976,4977,4978,4983,4984,5038, 5122,5123,5124,5140,5142,5143,5144,5145,5156,4866,4867,4882,4885,4890,4892,4896,4905,4907,4908, 4912,4934,4960,4961,4963,4964,4757,4758,4759,4764,4767,4768,4769,4770,4771,4772,4776,4777,4780, 4794,4816,4865,4735,4737,4738,4739,4740,4741,4742,4743,4744,4745,4746,4747,4749,4754,4755,4756, 4717,4718,4720,4722,4723,4724,4725,4726,4727,4728,4729,4730,4731,4732,4733,4734,4688,4692,4693, 4697,4698,4699,4700,4701,4702,4704,4705,4706,4713,4714,4715,4716,4625,4634,4648,4656,4657,4658, 4659,4660,4662,4663,4672,4673,4674,4675,4624 ], "format" : "json" } }, "w_2" : { "type" : "windows", "disabled" : false, "config" : { "readmode" : "watermark", "offset" : "start", "channel" : "Application", "batchsize" : 5000, "idfilter" : [902,903], "format" : "json" } }, "w_3" : { "type" : "windows", "disabled" : false, "config" : { "readmode" : "watermark", "offset" : "start", "channel" : "System", "batchsize" : 5000, "format" : "json" } } }, "processors" : { "_parse" : { "type" : "winevtparser", "config" : { "input" : "${originalMessage}", "output" : "windows" } }, "parse" : { "type" : "properties", "config" : { "set" : { "windows" : "${originalMessage}" } } } }, "transporters" : { "console" : { "type" : "console", "config" : { "format" : "${windows}", "json" : { "format" : true, "spaces" : 2 } } }, "null" : { "type" : "null" } }, "flows" : [ {"from":"${type}=='windows'","fork":false, "processors":["parse"], "transporters":["null"]} ] }