Skip to content

syslog_forwarder job from syslog/11.3.0

Github source: 72b8233 or master branch

Properties

syslog

address

IP or DNS address of the syslog server.

Example
logs4.papertrail.com

blackbox

limit_cpu

limit goprocess to a single cpu via gomaxprocs

Default
true
source_dir

directory with subdirectories containing log files. log lines will be tagged with subdirectory name.

Default
/var/vcap/sys/log

ca_cert

Trusted CAs. Necessary if TLS is enabled AND signing CA is not present in instance cert store. Overrides instance cert store if set.

Example
|+
  -----BEGIN CERTIFICATE-----
  MIIClTCCAf4CCQDc6hJtvGB8RjANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMC...
  -----END CERTIFICATE-----

custom_rule

Custom rsyslog rule for event forwarder. This will be inserted before the forwarding rule. See further discussion and examples in example-custom-rules.md at the top level of the release repo.

Default
""

director

BOSH Director name

Default
""

fallback_servers

List of fallback servers to be used if the primary syslog server is down. Only tcp or relp protocols are supported. Each list entry should consist of “address”, “transport” and “port” keys.

Default
[]
Example
- address: logs5.papertrail.com
  port: 44312
  transport: tcp

forward_files

If enabled, use BlackBox to forward logs.

Default
true

migration

disabled

Deprecated. Allows systems that cannot modify their deployment toplogy to use this release. Do not use if you’re not already relying on this capability. If true, does not forward syslogs, and does not require any other properties be provided. Overrides all other configuration.

Default
false

permitted_peer

Accepted fingerprint (SHA1) or name of remote peer. Only used if TLS is enabled. If not specified, will use the configured forwarding address.

Example
'*.papertrail.com'

port

Port of the syslog server.

Default
514

queue_checkpoint_interval

write bookkeeping information on checkpoints (every n records)

Default
100

queue_discard_mark

After this number of messages are queued, purge messages whose severity is greater than or equal to DiscardSeverity.

Default
97500

queue_discard_severity

This discards queued messages of this severity or higher when the queue_discard_mark is reached. Setting this to ‘0’ will discard all queued messages when the queue_discard_mark is reached.

Default
0

queue_file_name

Spill to disk if queue is full.

Default
agg_backlog

queue_high_water_mark

Num messages. Assuming avg size of 512B, this is 4MiB. (If this is reached, messages will spill to disk until the low watermark is reached).

Default
80000

queue_low_water_mark

Number of messages. Assuming avg size of 512B, this is 1MiB.

Default
2000

queue_max_disk_space

Max size for disk queue.

Default
128m

queue_save_on_shutdown

Save in-memory data to disk if rsyslog shuts down. Must be “on” or “off”

Default
true

queue_size

Store no more than this number syslog messages in memory.

Default
100000

queue_timeout_enqueue

Discard messages if the queue + disk is full

Default
0

respect_file_permissions

If enabled, log files will be forwarded if and only if they satisfy any of the following: - world-readable - readable by the syslog user - readable by the vcap group (note: the vcap user is insufficient, it must be the group.)

Default
false

resume_interval

When action is suspended (dest not connected), retry after this number of seconds

Default
10

tls_enabled

Set this to true to enable TLS.

Default
false

transport

One of udp, tcp, relp.

Default
tcp

use_tcp_for_file_forwarding_local_transport

If enabled, Blackbox will use TCP rather than UDP when forwarding loglines from files to the local rsyslog. Does not affect forwarding to remote addresses. This prevents truncation of log lines over 1KB, but may have undesirable performance impact.

Default
false

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/syslog_forwarder/ directory (learn more).

  • bin/blackbox_ctl (from blackbox_ctl.erb)
  • bin/pre-start (from pre-start.erb)
  • config/blackbox_config.yml (from blackbox_config.yml.erb)
  • config/ca_cert.pem (from ca_cert.pem.erb)
  • config/syslog-release-custom-rules.conf (from syslog-release-custom-rules.conf.erb)
  • config/syslog-release-file-exclusion.conf (from syslog-release-file-exclusion.conf.erb)
  • config/syslog-release-forwarding-rules.conf (from syslog-release-forwarding-rules.conf.erb)
  • config/syslog-release-forwarding-setup.conf (from syslog-release-forwarding-setup.conf.erb)
  • config/syslog-release.conf (from syslog-release.conf.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.