loggr-syslog-agent job from loggregator-agent/6.3.13
Github source:
f06955cc
or
master branch
Properties¶
aggregate_drains
¶
DEPRECATED: Syslog server URLs that will receive the logs from all sources. Use binding cache instead if possible
- Default
""
- Example
-
syslog-tls://some-drain-1,syslog-tls://some-drain-1
binding_cache_override_url
¶
URL to use if required to override the default bosh-dns binding cache address
blacklisted_syslog_ranges
¶
A list of IP address ranges that are not allowed to be specified in syslog drain binding URLs.
- Default
[]
- Example
-
- end: 10.10.10.10 start: 10.10.10.1
cache
¶
batch_size
¶The batch size the syslog will request the Cloud Controller for bindings.
- Default
1000
polling_interval
¶The interval at which the syslog will poll the Cloud Controller for bindings.
- Default
15s
tls
¶
ca_cert
¶When the syslog communicates with the Cloud Controller it must validate the Cloud Controller’s certificate was signed by a trusted CA. This is the CA trusted by the syslog for that communication. This field is required if binding cache is included.
- Default
""
cert
¶This certificate is sent to the Cloud Controller when initiating a connection. It must be signed by a CA that is trusted by the Cloud Controller. This field is required if binding cache is included.
- Default
""
cn
¶When the syslog communicates with the cache it must validate the Cloud Controller’s common name (CN) or subject alternative names (SANs) against the hostname or IP address used to initiate the connection. Most of the time this should be the hostname defined in api.url. This field is required if binding cache is included.
- Default
""
key
¶This is the private key for the certificate sent to the Cloud Controller when initiating a connection. This field is required if binding cache is included.
- Default
""
default_drain_metadata
¶
Whether metadata is included in structured data by default
- Default
true
drain_ca_cert
¶
The CA certificate for key/cert verification.
drain_cipher_suites
¶
An ordered, colon-delimited list of golang supported TLS cipher suites in OpenSSL or RFC format. The selected cipher suite will be negotiated according to the order of this list during a TLS handshake.
The following cipher suites are supported: - TLS_RSA_WITH_RC4_128_SHA - AES128-SHA256 - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-ECDSA-RC4-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-RC4-SHA - ECDHE-RSA-DES-CBC3-SHA - ECDHE-RSA-AES128-SHA - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-CHACHA20-POLY1305
drain_skip_cert_verify
¶
If set to true the SSL hostname validation will be disabled.
- Default
false
enabled
¶
Syslog agent is enabled on VM
- Default
true
logging
¶
format
¶
timestamp
¶Format for timestamp in component logs. Valid values are ‘deprecated’ and ‘rfc3339’.
- Default
deprecated
metrics
¶
ca_cert
¶TLS CA cert to verify requests to metrics endpoint.
cert
¶TLS certificate for metrics server signed by the metrics CA
debug
¶Enables go_ and process_ metrics along with a pprof endpoint
- Default
false
key
¶TLS private key for metrics server signed by the metrics CA
port
¶Port the agent uses to serve metrics and debug information
- Default
14822
pprof_port
¶If debug metrics is enabled, pprof will start at this port, ideally set to something other then 0
- Default
0
server_name
¶The server name used in the scrape configuration for the metrics endpoint
port
¶
Port the agent is serving gRPC via mTLS
- Default
3458
tls
¶
ca_cert
¶TLS loggregator root CA certificate. It is required for key/cert verification.
cert
¶TLS certificate for syslog signed by the loggregator CA
cipher_suites
¶An ordered list of supported SSL cipher suites. Allowed cipher suites are TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
- Default
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
key
¶TLS private key for syslog signed by the loggregator CA
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/loggr-syslog-agent/
directory
(learn more).
config/bpm.yml
(frombpm.yml.erb
)config/certs/cache_ca.crt
(fromcache_ca.crt.erb
)config/certs/cache_client.crt
(fromcache_client.crt.erb
)config/certs/cache_client.key
(fromcache_client.key.erb
)config/certs/drain_ca.crt
(fromdrain_ca.crt.erb
)config/certs/loggregator_ca.crt
(fromloggregator_ca.crt.erb
)config/certs/metrics.crt
(frommetrics.crt.erb
)config/certs/metrics.key
(frommetrics.key.erb
)config/certs/metrics_ca.crt
(frommetrics_ca.crt.erb
)config/certs/syslog_agent.crt
(fromsyslog_agent.crt.erb
)config/certs/syslog_agent.key
(fromsyslog_agent.key.erb
)config/ingress_port.yml
(fromingress_port.yml.erb
)config/prom_scraper_config.yml
(fromprom_scraper_config.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.