nsyslog
Version:
Modular new generation log agent. Reads, transform, aggregate, correlate and send logs from sources to destinations
74 lines (67 loc) • 1.33 kB
JSON
{
"config" : {
"datadir" : "/tmp/nsyslog",
"input" : {"buffer" : 1000},
"process" : {"buffer": 1000}
},
"inputs" : {
"file" : {
"type" : "file",
"config" : {
"path" : "/var/log/**/*.json",
"watch" : false,
"readmode" : "offset",
"offset" : "start"
}
}
},
"processors" : {
"json" : {
"type" : "jsonparser",
"config" : {}
},
"timestamp" : {
"type" : "timestamp",
"config" : {
"output" : "ets"
}
},
"filter_flow" : {
"type" : "filter",
"config" : {
"mode" : "accept",
"filter" : "${event_type}=='flow'"
}
},
"aggregate" : {
"type" : "filter",
"config" : {
"mode" : "every",
"every" : 10,
"key" : "${src_ip}",
"aggregate" : {
"count" : 1,
"tx_packet" : "${flow.pkts_toserver}",
"rx_packet" : "${flow.pkts_toclient}",
"tx_bytes" : "${flow.bytes_toserver}",
"rx_bytes" : "${flow.bytes_toclient}"
},
"output" : "aggr"
}
}
},
"transporters" : {
"console" : {
"type" : "console",
"config" : {
"format" : "${JSON}"
}
},
"null" : {
"type" : "null"
}
},
"flows" : [
{"from":"file", "processors":["json","filter_flow","aggregate"], "transporters":["console"], "mode":"parallel"}
]
}