{%- from "rsyslog/map.jinja" import global with context %}
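log_collector:
  decoder:
    # Decoder for syslog-formatted lines, run as a sandboxed Lua module.
    syslog:
      engine: sandbox
      module_file: /usr/share/lma_collector/decoders/generic_syslog.lua
      module_dir: /usr/share/lma_collector/common;/usr/share/heka/lua_modules
      adjust_timezone: true
      config:
        # When global.format is defined its template becomes syslog_pattern
        # and the stock pattern is kept as fallback_syslog_pattern; otherwise
        # the stock pattern is the only one.
        # NOTE(review): the template is pasted between single quotes as-is,
        # so a template containing a single quote breaks the rendered YAML.
        # Salt's yaml_squote filter would escape it -- confirm it is
        # available on the deployed Salt version before switching.
{%- if global.format is defined %}
        syslog_pattern: '{{ global.format.template }}'
        fallback_syslog_pattern: '%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n'
{%- else %}
        syslog_pattern: '%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n'
{%- endif %}
  input:
    # One logstreamer input is rendered per log directory returned by
    # rsyslog_util.syslog_file_match(global.output). Nothing is rendered when
    # that function is not loaded on the minion or returns an empty mapping.
    # logdir and pattern are interpolated without escaping into a mapping
    # key, a double-quoted string and a regular expression; they are assumed
    # to come from trusted pillar data -- TODO confirm.
{%- if salt.get('rsyslog_util.syslog_file_match', None) %}
{%- set file_match = salt['rsyslog_util.syslog_file_match'](global.output) %}
{%- if file_match|length > 0 %}
{#- items() rather than iteritems(): the latter exists only on Python 2 dicts. #}
{%- for logdir, pattern in file_match.items() %}
    syslog{{ logdir.replace('/', '_') }}:
      engine: logstreamer
      log_directory: "{{ logdir }}"
      file_match: '(?P<Service>{{ pattern }})'
      differentiator: [ 'system.', 'Service' ]
      decoder: "syslog_decoder"
      splitter: "TokenSplitter"
{%- endfor %}
{%- endif %}
{%- endif %}
    # Static input for the HAProxy log; rendered regardless of the guard above.
    syslog_haproxy:
      engine: logstreamer
      log_directory: "/var/log"
      file_match: 'haproxy\.log'
      differentiator: [ 'system.', 'haproxy' ]
      decoder: "syslog_decoder"
      splitter: "TokenSplitter"
  filter:
    # Sandboxed Lua filter over authentication log messages; presumably the
    # producer of the failed_logins_rate metric used by the
    # metric_collector trigger -- verify against failed_logins.lua.
    failed_logins:
      engine: sandbox
      module_file: /usr/share/lma_collector/filters/failed_logins.lua
      module_dir: /usr/share/lma_collector/common;/usr/share/heka/lua_modules
      # Only messages with Type 'log' and Logger exactly 'system.auth' reach
      # the filter. NOTE(review): that Logger name looks like 'system.' plus
      # the Service capture of the dynamic inputs above, so the filter has
      # data only if an auth log file is matched there -- confirm, otherwise
      # the failed-login alarm stays silent.
      message_matcher: "Type == 'log' && Logger == 'system.auth'"
      ticker_interval: 60
      config:
        hostname: '{{ grains.host }}'
        # Passed to the Lua filter; unit not shown here -- TODO confirm.
        grace_interval: 30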
metric_collector:
  trigger:
    # Warning condition on the failed-login rate: the avg of
    # failed_logins_rate over a window of 120 is compared with '>=' against
    # the 0.2 threshold.
    # NOTE(review): the units of window and threshold and the meaning of
    # periods: 0 are not stated in this file -- confirm against the metric
    # collector's trigger documentation before tuning.
    failed_logins_warning:
      description: 'The rate of failed logins is too high.'
      severity: warning
      rules:
        - metric: failed_logins_rate
          relational_operator: '>='
          threshold: 0.2
          window: 120
          periods: 0
          function: avg
  alarm:
    # Alarm bound to the single trigger above, with alerting enabled.
    failed_logins:
      alerting: enabled
      triggers:
        - failed_logins_warning