syslog_forwarder job from syslog/11.4.0
IP or DNS address of the syslog server.
limit goprocess to a single cpu via gomaxprocs
directory with subdirectories containing log files. log lines will be tagged with subdirectory name.
Trusted CAs. Necessary if TLS is enabled AND signing CA is not present in instance cert store. Overrides instance cert store if set.
- |+ -----BEGIN CERTIFICATE----- MIIClTCCAf4CCQDc6hJtvGB8RjANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMC... -----END CERTIFICATE-----
Custom rsyslog rule for event forwarder. This will be inserted before the forwarding rule. See further discussion and examples in example-custom-rules.md at the top level of the release repo.
BOSH Director name
List of fallback servers to be used if the primary syslog server is down. Only tcp or relp protocols are supported. Each list entry should consist of “address”, “transport” and “port” keys.
- - address: logs5.papertrail.com port: 44312 transport: tcp
Drop messages with an app name that starts with “vcap.” This is intended to prevent near-identical duplicates when using forward_files with legacy Cloud Foundry jobs, which generally use tee to send logs to syslog directly in addition to writing them to the filesystem. This should probably be set to true in any deployment of Cloud Foundry Application Runtime. This may be on by default in the future, though this would be a breaking/major version change.
If enabled, use BlackBox to forward logs.
Drop messages with an msg that start with “DEBUG”. This is intended to prevent high-volume, low-value debug logs from overwhelming syslog receivers, while still allowing the UAA job to log its debug messages to disk for support-enablement purposes. While this may impact other logs, most other jobs are not generally configured to emit debug logs, and anyone who wants to filter out UAA’s debug volume likely doesn’t mind losing the other debug volume, too. This filter is necessarily heuristic/string-based because syslog PRI information is not meaningful in logs produced by blackbox.
Deprecated. Allows systems that cannot modify their deployment toplogy to use this release. Do not use if you’re not already relying on this capability. If true, does not forward syslogs, and does not require any other properties be provided. Overrides all other configuration.
Accepted fingerprint (SHA1) or name of remote peer. Only used if TLS is enabled. If not specified, will use the configured forwarding address.
Port of the syslog server.
write bookkeeping information on checkpoints (every n records)
After this number of messages are queued, purge messages whose severity is greater than or equal to DiscardSeverity.
This discards queued messages of this severity or higher when the
queue_discard_markis reached. Setting this to ‘0’ will discard all queued messages when the
Spill to disk if queue is full.
Num messages. Assuming avg size of 512B, this is 4MiB. (If this is reached, messages will spill to disk until the low watermark is reached).
Number of messages. Assuming avg size of 512B, this is 1MiB.
Max size for disk queue.
Save in-memory data to disk if rsyslog shuts down. Must be “on” or “off”
Store no more than this number syslog messages in memory.
Discard messages if the queue + disk is full
If enabled, log files will be forwarded if and only if they satisfy any of the following: - world-readable - readable by the syslog user - readable by the vcap group (note: the vcap user is insufficient, it must be the group.)
When action is suspended (dest not connected), retry after this number of seconds
Set this to true to enable TLS.
If enabled, Blackbox will use TCP rather than UDP when forwarding loglines from files to the local rsyslog. Does not affect forwarding to remote addresses. This prevents truncation of log lines over 1KB, but may have undesirable performance impact.
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be