Skip to content

loggr-syslog-agent job from loggregator-agent/8.1.1

Github source: 830425cc or master branch

Properties

aggregate_drains

DEPRECATED: Syslog server URLs that will receive the logs from all sources. Use binding cache instead if possible

Default
""
Example
syslog-tls://some-drain-1,syslog-tls://some-drain-1

binding_cache_override_url

URL to use if required to override the default bosh-dns binding cache address

blacklisted_syslog_ranges

A list of IP address ranges that are not allowed to be specified in syslog drain binding URLs.

Default
[]
Example
- end: 10.10.10.10
  start: 10.10.10.1

cache

batch_size

The batch size the syslog will request the Cloud Controller for bindings.

Default
1000

polling_interval

The interval at which the syslog will poll the Cloud Controller for bindings.

Default
15s

tls

ca_cert

When the syslog communicates with the Cloud Controller it must validate the Cloud Controller’s certificate was signed by a trusted CA. This is the CA trusted by the syslog for that communication. This field is required if binding cache is included.

Default
""
cert

This certificate is sent to the Cloud Controller when initiating a connection. It must be signed by a CA that is trusted by the Cloud Controller. This field is required if binding cache is included.

Default
""
cn

When the syslog communicates with the cache it must validate the Cloud Controller’s common name (CN) or subject alternative names (SANs) against the hostname or IP address used to initiate the connection. Most of the time this should be the hostname defined in api.url. This field is required if binding cache is included.

Default
""
key

This is the private key for the certificate sent to the Cloud Controller when initiating a connection. This field is required if binding cache is included.

Default
""

default_drain_metadata

Whether metadata is included in structured data by default

Default
true

drain_ca_cert

The CA certificate for key/cert verification.

drain_cipher_suites

An ordered, colon-delimited list of golang supported TLS cipher suites in OpenSSL or RFC format. The selected cipher suite will be negotiated according to the order of this list during a TLS handshake.

The following cipher suites are supported: - TLS_RSA_WITH_RC4_128_SHA - AES128-SHA256 - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-ECDSA-RC4-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-RC4-SHA - ECDHE-RSA-DES-CBC3-SHA - ECDHE-RSA-AES128-SHA - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-CHACHA20-POLY1305

drain_skip_cert_verify

If set to true the SSL hostname validation will be disabled.

Default
false

enabled

Syslog agent is enabled on VM

Default
true

logging

format

timestamp

Format for timestamp in component logs. Valid values are ‘deprecated’ and ‘rfc3339’.

Default
deprecated

metrics

ca_cert

TLS CA cert to verify requests to metrics endpoint.

cert

TLS certificate for metrics server signed by the metrics CA

debug

Enables go_ and process_ metrics along with a pprof endpoint

Default
false

key

TLS private key for metrics server signed by the metrics CA

port

Port the agent uses to serve metrics and debug information

Default
14822

pprof_port

If debug metrics is enabled, pprof will start at this port, ideally set to something other then 0

Default
0

server_name

The server name used in the scrape configuration for the metrics endpoint

port

Port the agent is serving gRPC via mTLS

Default
3458

tls

ca_cert

TLS loggregator root CA certificate. It is required for key/cert verification.

cert

TLS certificate for syslog signed by the loggregator CA

cipher_suites

An ordered list of supported SSL cipher suites. Allowed cipher suites are TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.

Default
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

key

TLS private key for syslog signed by the loggregator CA

warn_on_invalid_drains

Whether to output log warnings on invalid drains

Default
true

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/loggr-syslog-agent/ directory (learn more).

  • config/bpm.yml (from bpm.yml.erb)
  • config/certs/cache_ca.crt (from cache_ca.crt.erb)
  • config/certs/cache_client.crt (from cache_client.crt.erb)
  • config/certs/cache_client.key (from cache_client.key.erb)
  • config/certs/drain_ca.crt (from drain_ca.crt.erb)
  • config/certs/loggregator_ca.crt (from loggregator_ca.crt.erb)
  • config/certs/metrics.crt (from metrics.crt.erb)
  • config/certs/metrics.key (from metrics.key.erb)
  • config/certs/metrics_ca.crt (from metrics_ca.crt.erb)
  • config/certs/syslog_agent.crt (from syslog_agent.crt.erb)
  • config/certs/syslog_agent.key (from syslog_agent.key.erb)
  • config/ingress_port.yml (from ingress_port.yml.erb)
  • config/prom_scraper_config.yml (from prom_scraper_config.yml.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.