%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /backups/router/usr/local/share/syslog-ng/include/scl/sumologic/
Upload File :
Create Path :
Current File : //backups/router/usr/local/share/syslog-ng/include/scl/sumologic/sumologic.conf

#############################################################################
# Copyright (c) 2020 Balabit
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# EXAMPLES:
#
# With TLS encryption (make sure you trust the sumologic CA cert by putting it
# to /etc/ssl, or create a separate CA directory):
# For endpoint see - https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security
#
# Send data using syslog:
#    log {
#       destination {
#                sumologic-syslog(token("USER-TOKEN-AS-PROVIDED-BY-sumologic") deployment("ENDPOINT")
#                       tls(peer-verify(required-trusted) ca-dir('/etc/syslog-ng/ca.d'))
#                );
#       };
#    };
#
#
# Send JSON data:
#    log {
#        source { system(); };
#        destination {
#            sumologic-syslog(token("USER-TOKEN-AS-PROVIDED-BY-sumologic") deployment("ENDPOINT")
#                   tls(peer-verify(required-trusted) ca-dir('/etc/syslog-ng/ca.d')) template("$(format-json --scope all-nv-pairs)"));
#            );
#        };
#    };
#
# Send data using http:
#    log {
#        destination {
#            sumologic-http(collector("UNIQUE-HTTP-COLLECTOR-CODE-AS-PROVIDED-BY-sumologic") deployment("ENDPOINT")
#                   tls(peer-verify(yes) ca-dir('/etc/syslog-ng/ca.d')));
#            );
#        };
#    };
#

block destination sumologic-syslog(token()
                         tag("tag")
                         deployment()
                         port(6514)
                         tls()
                         template("$MSG") ...) {

@requires json-plugin "The json-plugin is required for sumologic-syslog()"

  network("syslog.collection.`deployment`.sumologic.com" port(`port`) transport(tls) tls(`tls`)
          template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM:--} ${PID:--} ${MSGID:--} [`token` tag=\"`tag`\"] `template`\n")
          template_escape(no)
          `__VARARGS__`
  );
};

block destination sumologic-http(
  deployment()
  collector()
  use-system-cert-store(yes)
  tls("")
  batch-lines(1000)
  batch-bytes(1MiB)
  template("$(format-json --scope all-nv-pairs --exclude SOURCE)\n")
  ...)
{

@requires http "The http() driver is required for sumologic-http(), please install syslog-ng-mod-http (Debian) or syslog-ng-http (RHEL) package"

  http(
    url("https://collectors.`deployment`.sumologic.com/receiver/v1/http/`collector`")
    method("POST")
    use-system-cert-store(`use-system-cert-store`)
    tls(`tls`)
    batch-lines(`batch-lines`)
    batch-bytes(`batch-bytes`)
    body(`template`)
    `__VARARGS__`
  );
};

Zerion Mini Shell 1.0