%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /backups/router/usr/local/share/syslog-ng/include/scl/logscale/
Upload File :
Create Path :
Current File : //backups/router/usr/local/share/syslog-ng/include/scl/logscale/logscale.conf

#############################################################################
# Copyright (c) 2023 Attila Szakacs
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# Batching best practices: https://library.humio.com/falcon-logscale/api-ingest.html#api-ingest-best-practices

@requires json-plugin


# https://library.humio.com/falcon-logscale/api-ingest.html#api-ingest-structured-data
block destination logscale(
  url("https://cloud.humio.com")
  token()

  rawstring("${MESSAGE}")
  timestamp("${S_ISODATE}")
  timezone("")
  attributes("--scope rfc5424 --exclude MESSAGE --exclude DATE --leave-initial-dot")

  batch_lines(1000)
  batch_bytes(1024kB)
  batch_timeout(1)
  workers(20)
  timeout(10)

  content_type("application/json")
  extra_headers("")
  use_system_cert_store(yes)
  ...)
{

@requires http "The logscale() driver depends on the syslog-ng http module, please install the syslog-ng-mod-http (Debian & derivatives) or the syslog-ng-http (RHEL & co) package"

  http(
    url("`url`/api/v1/ingest/humio-structured")
    headers(
      "Authorization: Bearer `token`"
      "Content-Type: `content_type`"
      `extra_headers`
    )
    delimiter(",")
    body-prefix('[{"events":[')
    body('$(format-json --scope none --omit-empty-values
              rawstring=`rawstring`
              timestamp=`timestamp`
              timezone=`timezone`
              attributes=$(if ("`attributes`" ne "") $(format-json --scope none `attributes`) ""))'
    )
    body-suffix(']}]')
    batch-lines(`batch_lines`)
    batch-bytes(`batch_bytes`)
    batch-timeout(`batch_timeout`)
    timeout(`timeout`)
    workers(`workers`)
    use_system_cert_store(`use_system_cert_store`)
    `__VARARGS__`
  );
};

Zerion Mini Shell 1.0