mirror of
https://dev.iopsys.eu/feed/iopsys.git
synced 2026-01-27 17:37:18 +01:00
So the philosophy here is that there will be one main fluent-bit instance, which will read from /dev/kmsg and /dev/log and write to /var/log/messages. This is done to reduce the chance of introducing errors in config and to make sure that /var/log/messages is always populated, because logread depends on it. For example, an unavailable URL for a UDP-based syslog output plugin can cause fluent-bit to exit entirely. The other fluent-bit instance uses a different "user" config file, which will handle log_file, log_remote and included configs. It has a single hard-coded input tail plugin which reads from /var/log/messages. Any filter that is applied will act on the main config and thus only filtered logs will be available to both fluent-bit instances.
27 lines
776 B
Bash
#!/bin/sh

# add a parser to extract message from /var/log/messages file
# this is needed because tail plugin treats the entire line as the one string without this
PARSER_FILE="/etc/fluent-bit/parsers.conf"
PARSER_NAME="syslog_message"

# Check if parser already exists
if grep -q "Name\s\+$PARSER_NAME" "$PARSER_FILE"; then
    echo "Fluent Bit parser '$PARSER_NAME' already exists. Skipping."
    exit 0
fi

# Append the parser to the file
cat << EOF >> "$PARSER_FILE"

[PARSER]
    Name        $PARSER_NAME
    Format      regex
    Regex       ^(?<timestamp>\w+\s+\d+\s+\d+:\d+:\d+)\s+(?<hostname>\S+)\s+(?<process>[^:]+):\s+(?<message>.+)
    Time_Key    timestamp
    Time_Format %b %d %H:%M:%S
EOF

echo "Added Fluent Bit parser '$PARSER_NAME' to $PARSER_FILE"

exit 0
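
Added example, not part of the repository: Fluent Bit's regex parser uses the Onigmo engine that Ruby also uses, so the pattern this script writes can be checked in Ruby against sample lines to see which fields it extracts and which lines it rejects or mis-splits. The log lines, the hostname `iopsys` and the names `SYSLOG_MESSAGE`, `parse_line`, `SAMPLES` and `report` are constructed for illustration.

```ruby
# Added example (not from the repository). Pattern copied from the [PARSER]
# section the script appends; every log line below is a constructed sample.
SYSLOG_MESSAGE = /^(?<timestamp>\w+\s+\d+\s+\d+:\d+:\d+)\s+(?<hostname>\S+)\s+(?<process>[^:]+):\s+(?<message>.+)/

# Hypothetical helper: named captures as a Hash, or nil when the line does not match.
def parse_line(line)
  m = SYSLOG_MESSAGE.match(line.chomp)
  m && m.named_captures
end

SAMPLES = {
  # Usual case: the tag ends at the first colon, later colons stay in the message.
  tagged: "Jan 27 17:37:18 iopsys dropbear[2211]: Exit before auth: timeout",
  # Single-digit day padded with a space; kernel line with its own bracketed prefix.
  padded_day: "Jan  7 09:01:02 iopsys kernel: [   12.345678] br-lan: port 1(eth1) entered forwarding state",
  # No hostname column: the pattern still matches, but every field shifts left.
  no_hostname: "Jan 27 17:37:18 dropbear[2211]: Exit before auth: timeout",
  # No whitespace after the tag's colon: ":\s+" cannot match, so no fields.
  no_space: "Jan 27 17:37:18 iopsys crond:started",
  # Continuation line without a timestamp: no match.
  continuation: "    at worker.c:42"
}.freeze

# One summary string per sample: the extracted fields, or NO MATCH.
def report(samples = SAMPLES)
  samples.map do |name, line|
    fields = parse_line(line)
    summary = fields ? fields.map { |k, v| "#{k}=#{v.inspect}" }.join(" ") : "NO MATCH"
    "#{name}: #{summary}"
  end
end

puts report if __FILE__ == $PROGRAM_NAME
```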