logflux
Read messages from rsyslog via a socket and send regex-parsed values to InfluxDB
usage
rsyslog
rsyslog 8.33.1 and newer can emit log output in JSON format, which is the preferred input for logflux. To use it, configure rsyslog as follows (the exact template layout matters, because logflux parses it):
template(name="logflux" type="list" option.jsonf="on") {
    property(outname="@timestamp" name="timereported" dateFormat="rfc3339" format="jsonf")
    property(outname="host" name="hostname" format="jsonf")
    property(outname="severity" name="syslogseverity-text" caseConversion="upper" format="jsonf")
    property(outname="facility" name="syslogfacility-text" format="jsonf")
    property(outname="syslog-tag" name="syslogtag" format="jsonf")
    property(outname="source" name="app-name" format="jsonf")
    property(outname="message" name="msg" format="jsonf")
}
module(load="omuxsock")
$OMUxSockSocket /tmp/logflux.sock
*.* :omuxsock:;logflux
If you run an older version of rsyslog that does not support JSON output, you can use the "legacy" format with the following template instead:
template(name="logflux" type="list") {
    constant(value="@timestamp: ")
    property(outname="@timestamp" name="timereported" dateFormat="rfc3339")
    constant(value="\nhost: ")
    property(outname="host" name="hostname")
    constant(value="\nseverity: ")
    property(outname="severity" name="syslogseverity-text" caseConversion="upper")
    constant(value="\nfacility: ")
    property(outname="facility" name="syslogfacility-text")
    constant(value="\nsyslog-tag: ")
    property(outname="syslog-tag" name="syslogtag")
    constant(value="\nsource: ")
    property(outname="source" name="app-name")
    constant(value="\n\n")
    property(outname="message" name="msg")
}
logflux automatically detects the format (JSON or legacy) of the first message it receives and assumes that format for all subsequent messages. If you change the message format, restart logflux.
Note: You may want to send only a subset of syslog messages to logflux; you can do so with rsyslog filter conditions. Be aware that the advanced (RainerScript) configuration syntax is not supported with omuxsock as of rsyslog 8.34.0, so the legacy directives shown above must be used.
logflux
logflux is configured in YAML. The following example shows the syntax and the available options:
---
socket: /tmp/logflux.sock
influx:
  host: localhost
  port: 8086
  database: logflux
rules:
  - name: nginx_rate_limit
    match:
      key: message
      regex: '^nginx:.* limiting requests, excess: (?P<excess>\d+\.\d+) by zone "(?P<zone>[^"]+)", client: (?P<client>[^,]+)'
    fields:
      value:
        lookup: message.excess
        type: float
    tags:
      zone: message.zone
      client: message.client
      hostname: host
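To make the rule semantics concrete, here is an added illustration (not logflux's own code) of what one rule does to one JSON record from the template above: match the regex against the `key`, resolve `lookup` paths, and build an InfluxDB line-protocol point. The lookup semantics (`message.<group>` is a named capture, a bare key such as `host` is a top-level record field), the `TYPES` table beyond `float`, and the sample record are assumptions made for this example.

```python
import json
import re

# Constructed sample: one record as emitted by the "logflux" jsonf template above.
SAMPLE_JSON = json.dumps({
    "@timestamp": "2024-01-01T12:00:00+00:00", "host": "web1", "severity": "ERROR",
    "facility": "local7", "syslog-tag": "nginx:", "source": "nginx",
    "message": 'nginx: [error] 123#0: *4 limiting requests, excess: 10.500 '
               'by zone "api", client: 203.0.113.7, server: example.org',
})
NON_MATCHING_JSON = json.dumps({"host": "web1", "message": "sshd: session opened"})

# The nginx_rate_limit rule from the YAML above, as a dict.
RULE = {
    "name": "nginx_rate_limit",
    "match": {"key": "message", "regex": r'^nginx:.* limiting requests, excess: '
              r'(?P<excess>\d+\.\d+) by zone "(?P<zone>[^"]+)", client: (?P<client>[^,]+)'},
    "fields": {"value": {"lookup": "message.excess", "type": "float"}},
    "tags": {"zone": "message.zone", "client": "message.client", "hostname": "host"},
}
TYPES = {"float": float, "int": int, "string": str}  # assumed; only "float" appears on the page

def lookup(path, msg, groups):
    # Assumed: 'message.<group>' is a named capture of the rule's regex,
    # a bare key (e.g. 'host') is a top-level field of the parsed record.
    key, _, group = path.partition(".")
    return groups[group] if group else msg[key]

def apply_rule(rule, raw_json):
    """Return (measurement, tags, fields) for a matching record, or None."""
    msg = json.loads(raw_json)
    m = re.search(rule["match"]["regex"], msg.get(rule["match"]["key"], ""))
    if not m:
        return None
    groups = m.groupdict()
    fields = {n: TYPES[s["type"]](lookup(s["lookup"], msg, groups)) for n, s in rule["fields"].items()}
    tags = {n: str(lookup(p, msg, groups)) for n, p in rule["tags"].items()}
    return rule["name"], tags, fields

def escape_tag(s):
    # Tag values come straight from log text (e.g. a client address), so escape the
    # line-protocol separators before they can split the point into extra tags or fields.
    return s.replace(",", "\\,").replace(" ", "\\ ").replace("=", "\\=")

def fmt_field(v):
    if isinstance(v, float):
        return repr(v)
    if isinstance(v, int):
        return f"{v}i"
    return '"' + str(v).replace("\\", "\\\\").replace('"', '\\"') + '"'

def to_line_protocol(measurement, tags, fields):
    tag_str = "".join(f",{escape_tag(k)}={escape_tag(v)}" for k, v in sorted(tags.items()))
    field_str = ",".join(f"{k}={fmt_field(v)}" for k, v in sorted(fields.items()))
    return f"{measurement}{tag_str} {field_str}"
```

The escaping in `escape_tag` matters because a crafted log line could otherwise inject additional tags or fields into the written point.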
By default, logflux looks for its configuration in logflux.yaml in the current directory; this can be overridden with the -c or --config command line option.