File: //proc/1961464/root/etc/vector/vector.toml
# __ __ __
# \ \ / / / /
# \ V / / /
# \_/ \/
#
# V E C T O R
# Configuration
#
# ------------------------------------------------------------------------------
# Website: https://vector.dev
# Docs: https://vector.dev/docs
# Chat: https://chat.vector.dev
# ------------------------------------------------------------------------------
# Change this to use a non-default directory for Vector data storage:
# data_dir = "/var/lib/vector"
# Demo source: generated syslog-formatted lines (synthetic data, not real logs).
[sources.dummy_logs]
type = "demo_logs"
# Pause, in seconds, between emitted batches.
interval = 1
format = "syslog"
# Replace each demo event with the fields parsed from its syslog `.message`.
# Vector Remap Language (VRL) reference: https://vrl.dev
[transforms.parse_logs]
inputs = ["dummy_logs"]
type = "remap"
source = '''
. = parse_syslog!(string!(.message))
'''
# Write the parsed demo events to Vector's stdout, encoded as JSON.
[sinks.print]
inputs = ["parse_logs"]
type = "console"
encoding.codec = "json"
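# Vector's GraphQL API (disabled by default)
# Uncomment to try it out with the `vector top` command or
# in your browser at http://localhost:8686
# The API has no authentication of its own, so keep `address` on loopback
# unless access is restricted some other way.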
#[api]
#enabled = true
#address = "127.0.0.1:8686"
# Forwarding logs to Logtail.com
# ------------------------------
# Generated on 2022-10-14: https://logtail.com/vector-toml/nginx/KjbFCNb4TwqBKXBHGKLdA6eT
# Learn more about Vector configuration: https://vector.dev/docs/reference/configuration/
# - Nginx: v4
# Tail the Nginx error log from disk.
[sources.logtail_nginx_logs_KjbFCNb4TwqBKXBHGKLdA6eT]
type = "file"
include = ["/var/log/nginx/error.log"]
exclude = []
# Read a newly discovered file from its start, but skip files whose last
# modification is older than 600 seconds.
read_from = "beginning"
ignore_older_secs = 600
# Normalizes Nginx log lines before they are shipped to the Logtail HTTP sink.
#
# The VRL program below:
#   1. drops `.source_type` and moves `.timestamp` to `.dt`;
#   2. fills `.nginx` from the first parser that succeeds: an access-log regex,
#      an error-log regex, then parse_nginx_log with "combined" and "error".
#      It falls back to `{}` when none of them matches;
#   3. on a match, sets `.platform`, lifts severity/message into `.level` and
#      `.message`, rewrites `.dt` from the parsed timestamp when it parses,
#      converts status/size/cid/pid/tid to integers where possible, and removes
#      null subrequest/upstream/referrer fields;
#   4. on no match, removes `.nginx` and leaves the rest of the event as it is.
#
# NOTE(review): `[^,z]+` in the error-log regex (client and server groups) also
# excludes the letter "z", which looks unintended; affected lines would fall
# through to parse_nginx_log(format: "error"). Confirm.
# NOTE(review): format_timestamp! raises if `.dt` is not a timestamp when both
# parse_timestamp calls fail. Presumably `.timestamp` from the file source is
# always a timestamp; verify.
# NOTE(review): the captured client, user, request path, referrer and agent
# values presumably originate from client requests and are forwarded to an
# external service; consider redacting sensitive values (for example query
# strings carrying tokens) in this transform before they leave the host.
[transforms.logtail_nginx_parser_KjbFCNb4TwqBKXBHGKLdA6eT]
type = "remap"
inputs = ["logtail_nginx_logs_KjbFCNb4TwqBKXBHGKLdA6eT"]
source = '''
del(.source_type)
.dt = del(.timestamp)
.nginx = parse_regex(.message, r'^\s*(-|(?P<client>\S+))\s+\-\s+(-|(?P<user>\S+))\s+\[(?P<timestamp>.+)\]\s+"(?P<request>(?P<method>\w+)\s+(?P<path>\S+)\s+(?P<protocol>\S+))"\s+(?P<status>\d+)\s+(?P<size>\d+)\s+"(-|(?P<referrer>.+))"\s+"(-|(?P<agent>.+))"\s*') ??
parse_regex(.message, r'^\s*(?P<timestamp>.+)\s+\[(?P<severity>\w+)\]\s+(?P<pid>\d+)\#(?P<tid>\d+):\s+\*(?P<cid>\d+)\s+(?P<message>.*)(?:,\s+client:\s+(?P<client>[^,z]+))(?:,\s+server:\s+(?P<server>[^,z]+))(?:,\s+request:\s+"(?P<request>[^"]+)")(?:,\s+subrequest:\s+"(?P<subrequest>[^"]+)")?(?:,\s+upstream:\s+"(?P<upstream>[^"]+)")?(?:,\s+host:\s+"(?P<host>[^"]+)")(?:,\s+referrer:\s+"(?P<referrer>[^"]+)")?\s*') ??
parse_nginx_log(.message, format: "combined") ??
parse_nginx_log(.message, format: "error") ??
{}
if .nginx != {} {
.platform = "Nginx"
.level = del(.nginx.severity)
.message = del(.nginx.message)
if is_null(.message) { del(.message) }
if exists(.nginx.timestamp) {
.dt = format_timestamp!(
parse_timestamp(.nginx.timestamp, "%d/%b/%Y:%T %z") ??
parse_timestamp(.nginx.timestamp, "%Y/%m/%d %T") ??
.dt,
"%+"
)
del(.nginx.timestamp)
}
if is_string(.nginx.status) { .nginx.status = to_int(.nginx.status) ?? .nginx.status }
if is_string(.nginx.size) { .nginx.size = to_int(.nginx.size) ?? .nginx.size }
if is_string(.nginx.cid) { .nginx.cid = to_int(.nginx.cid) ?? .nginx.cid }
if is_string(.nginx.pid) { .nginx.pid = to_int(.nginx.pid) ?? .nginx.pid }
if is_string(.nginx.tid) { .nginx.tid = to_int(.nginx.tid) ?? .nginx.tid }
if is_null(.nginx.subrequest) { del(.nginx.subrequest) }
if is_null(.nginx.upstream) { del(.nginx.upstream) }
if is_null(.nginx.referrer) { del(.nginx.referrer) }
} else {
del(.nginx)
}
'''
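# Ships the parsed Nginx events to Logtail over HTTPS as JSON, authenticating
# with a bearer token.
[sinks.logtail_http_sink_KjbFCNb4TwqBKXBHGKLdA6eT]
type = "http"
inputs = ["logtail_nginx_parser_KjbFCNb4TwqBKXBHGKLdA6eT"]
uri = "https://in.logtail.com/"
encoding.codec = "json"
auth.strategy = "bearer"
# The bearer token is interpolated from the environment when Vector loads this
# file, so the credential is not stored here in plain text.
# LOGTAIL_SOURCE_TOKEN is a name chosen for this config; set it in the Vector
# service's environment (for example a root-only environment file).
# NOTE(review): the same token value is still embedded in this pipeline's
# component IDs and in the generator URL comments in this file, and component
# IDs appear in Vector's own logs and metrics. Rotate the token and rename the
# IDs in one coordinated change.
auth.token = "${LOGTAIL_SOURCE_TOKEN}"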
# --- end of 2022-10-14: https://logtail.com/vector-toml/nginx/KjbFCNb4TwqBKXBHGKLdA6eT