| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 |
- # Netdata log2journal Configuration
- # The following parses nginx log files using the combined format.
- # The PCRE2 pattern to match log entries and give names to the fields.
- # The journal will have these names, so follow their rules. You can
- # initiate an extended PCRE2 pattern by starting the pattern with (?x)
- pattern: |
- (?x) # Enable PCRE2 extended mode
- ^
- (?<NGINX_REMOTE_ADDR>[^ ]+) \s - \s # NGINX_REMOTE_ADDR
- (?<NGINX_REMOTE_USER>[^ ]+) \s # NGINX_REMOTE_USER
- \[
- (?<NGINX_TIME_LOCAL>[^\]]+) # NGINX_TIME_LOCAL
- \]
- \s+ "
- (?<NGINX_REQUEST>
- (?<NGINX_REQUEST_METHOD>[A-Z]+) \s+ # NGINX_METHOD
- (?<NGINX_REQUEST_URI>[^ ]+) \s+
- (?<NGINX_SERVER_PROTOCOL>[^"]+)
- )
- " \s+
- (?<NGINX_STATUS>\d+) \s+ # NGINX_STATUS
- (?<NGINX_BODY_BYTES_SENT>\d+) \s+ # NGINX_BODY_BYTES_SENT
- "(?<NGINX_HTTP_REFERER>[^"]*)" \s+ # NGINX_HTTP_REFERER
- "(?<NGINX_HTTP_USER_AGENT>[^"]*)" # NGINX_HTTP_USER_AGENT
- # When log2journal can detect the filename of each log entry (tail gives it
- # only when it tails multiple files), this key will be used to send the
- # filename to the journals.
- filename:
- key: NGINX_LOG_FILENAME
- rename:
- - new_key: MESSAGE
- old_key: NGINX_REQUEST
- # Inject constant fields into the journal logs.
- inject:
- - key: SYSLOG_IDENTIFIER
- value: nginx-log
- # inject PRIORITY is a duplicate of NGINX_STATUS
- - key: PRIORITY
- value: '${NGINX_STATUS}'
- # Inject NGINX_STATUS_FAMILY is a duplicate of NGINX_STATUS
- - key: NGINX_STATUS_FAMILY
- value: '${NGINX_STATUS}'
- # Rewrite the value of fields (including the duplicated ones).
- # The search pattern can have named groups, and the replace pattern can use
- # them as ${name}.
- rewrite:
- # PRIORITY is a duplicate of NGINX_STATUS
- # Valid PRIORITIES: 0=emerg, 1=alert, 2=crit, 3=error, 4=warn, 5=notice, 6=info, 7=debug
- - key: PRIORITY
- match: '^[123]'
- value: 6
- - key: PRIORITY
- match: '^4'
- value: 5
- - key: PRIORITY
- match: '^5'
- value: 3
- - key: PRIORITY
- match: '.*'
- value: 4
- # NGINX_STATUS_FAMILY is a duplicate of NGINX_STATUS
- - key: NGINX_STATUS_FAMILY
- match: '^(?<first_digit>[1-5])'
- value: '${first_digit}xx'
- - key: NGINX_STATUS_FAMILY
- match: '.*'
- value: 'UNKNOWN'
- # Control what to do when input logs do not match the main PCRE2 pattern.
- unmatched:
- # The journal key to log the PCRE2 error message to.
- # Set this to MESSAGE, so you to see the error in the log.
- key: MESSAGE
- # Inject static fields to the unmatched entries.
- # Set PRIORITY=1 (alert) to help you spot unmatched entries in the logs.
- inject:
- - key: PRIORITY
- value: 1
|
