UNPKG

nsyslog

Version:

Modular new generation log agent. Reads, transform, aggregate, correlate and send logs from sources to destinations

github.com/solzimer/nsyslog

solzimer/nsyslog

88 lines (83 loc) 1.62 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
{ "config" : { "datadir" : "/tmp/nsyslog", "input" : {"buffer" : 100}, "collector" : { "_key" : "ctx", "ival" : 1000 } }, "inputs" : { "lines" : { "type" : "static", "attach" : ["myflow"], "config" : { "loop" : true, "interval" : 1000, "lines" : [ {"res":"MAL","ct3":"4688","dun":"user$", "ct5":"algo asi como logagent.exe jejeje"}, {"res":"BIEN","ct3":"4688","dun":"user$","ct5":"Este tiene que pasar!"} ] } } }, "processors" : { "event": { "type" : "properties", "config" : { "set" : { "evt" : "${originalMessage}" } } }, "pid": { "type" : "properties", "config" : { "extend" : true, "deep" : true, "set" : { "evt" : { "pid" : "${process.pid}" } } } }, "win_discard_user": { "type": "properties", "config": {}, "when": { "filter": { "$and": [ {"evt.ct3": { "$in": ["4688"] }}, {"evt.dun": {"$endsWith":["$"]}}, {"$expr":{"$eval":"${evt.ct5.indexOf('logagent.exe')} > 0"}} ] }, "match": "block", "nomatch": "bypass" } } }, "transporters" : { "console" : { "type" : "console", "attach" : ["flow1"], "config" : { "format" : "${JSON:evt}", "json" : { "format" : true, "spaces" : 2, "color" : true } } }, "null" : { "type" : "null" } }, "flows" : [ { "id":"myflow", "from":"lines", "fork":true, "processors" : ["event","pid","win_discard_user"], "transporters":"console" } ] }