Skip to content

ingestor_syslog job from logsearch/21

Github source: 63eb7976 or master branch

Properties

archiver

enabled

Default
false

logstash

metadata_level

Whether to include additional metadata throughout the event lifecycle. NONE = disabled, DEBUG = fully enabled

Default
NONE

logstash_ingestor

debug

Debug level logging

Default
false

filters

Filters to execute on the ingestors

Default
""

syslog

port

Port to listen for syslog messages

Default
5514

syslog_tls

jdk_tls_client_protocols

Allowed TLS protocols passed to jdk.tls.client.protocols and https.protocols settings. Defaults to TLSv1,TLSv1.1,TLSv1.2. Set to SSLv3,TLSv1,TLSv1.1,TLSv1.2 to enable (POODLE vulnerable) SSLv3 connections from legacy syslog clients

Default
TLSv1,TLSv1.1,TLSv1.2
port

Port to listen for syslog-TLS messages (omit to disable)

ssl_cert

Syslog-TLS SSL certificate (file contents, not a path) - required if logstash_ingestor.syslog_tls.port set

ssl_key

Syslog-TLS SSL key (file contents, not a path) - required if logstash_ingestor.syslog_tls.port set

redis

host

Redis host of queue

key

Name of queue to pull messages from

Default
logstash

port

Redis port of queue

Default
6379

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/ingestor_syslog/ directory (learn more).

  • bin/ingestor_syslog_ctl (from bin/ingestor_syslog_ctl)
  • bin/monit_debugger (from bin/monit_debugger)
  • config/syslog_tls.crt (from config/syslog_tls.crt.erb)
  • config/syslog_tls.key (from config/syslog_tls.key.erb)
  • config/syslog_to_redis.conf (from config/syslog_to_redis.conf.erb)
  • data/properties.sh (from data/properties.sh.erb)
  • helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
  • helpers/ctl_utils.sh (from helpers/ctl_utils.sh)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.