
/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf is in syslog-ng-mod-extra 3.13.2-3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

#############################################################################
# Copyright (c) 2017 Balabit
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# This is the experimental transport for transferring messages in whole
# between syslog-ng instances.
#
# EWMM stands for "enterprise wide message model", which is also kind of an
# experimental name, but so far it stuck.
#
# Format:
#   - program name should be "@syslog-ng" which is used to recognize this message
#   - name-values are encoded as JSON in the MSG field
#   - name-value pairs that start with "._" should be hop-by-hop fields only:
#     they carry syslog-ng <> syslog-ng information and are not considered
#     part of the original message.
#   - regexp numeric matches ($0 .. $255) are not transmitted
#

# ewmm-parser(): turns a message written by $(format-ewmm) back into
# name-value pairs and tags.
#
# Trust note: the only check made here is that the program name equals the
# literal "@syslog-ng". Whoever can deliver such a message to the source this
# parser is attached to decides which name-value pairs and tags the resulting
# message carries. Attach it only to inputs fed by trusted syslog-ng peers
# (for example a listener that verifies its peers), not to a general-purpose
# syslog input.
block parser ewmm-parser() {
	channel {
                # Gate: only messages whose program name is exactly
                # "@syslog-ng" (literal string match, not a regexp) are
                # processed further by this channel.
                filter { program("@syslog-ng" type(string)); };

                # NOTE: this will probably overwrite all builtin
                # name value pairs, including $MSG
                rewrite {
                        # Clear the envelope's PROGRAM ("@syslog-ng") and
                        # RAWMSG before decoding; presumably so they only
                        # survive if the JSON payload supplies them.
                        unset(value("PROGRAM"));
                        unset(value("RAWMSG"));
                };
                # json-parser() is called without prefix(), so keys in the
                # JSON payload become name-value pairs under their own names.
                # After this step the values are whatever the sending side
                # put in the payload.
                # NOTE(review): presumably this includes HOST and similar
                # builtin values - confirm for this syslog-ng version before
                # relying on them for filtering or attribution.
                parser { json-parser(); };
		# Restore tags from the ._TAGS field that format-ewmm adds
		# (._TAGS=${TAGS}); these are sender-supplied as well.
		parser { tags-parser(template("${._TAGS}")); };
                rewrite {
			# remove hop-by-hop fields
                        unset(value("._TAGS"));
                };
	};
};

# $(format-ewmm): serializes a whole message for ewmm-parser() on the
# receiving side.
#
# Envelope: "<$PRI>1 $ISODATE $LOGHOST @syslog-ng - - <SDATA or "-">", i.e. the
# program name is the fixed marker "@syslog-ng" that ewmm-parser() filters on.
# Payload: format-json over --scope all-nv-pairs, so every name-value pair set
# on the message is sent to the peer, including values added by local parsers
# or enrichment. Review what those contain before forwarding across a trust
# boundary.
#   --leave-initial-dot  keeps the leading "." of names such as "._TAGS"
#   --exclude 0* .. 9*   drops the regexp numeric matches; note that these
#                        globs also drop any other name starting with a digit
#   --exclude SOURCE, .SDATA.*  are not put in the JSON (SDATA is already in
#                        the envelope)
#   ._TAGS=${TAGS}       hop-by-hop field carrying the tags
template-function "format-ewmm" "<$PRI>1 $ISODATE $LOGHOST @syslog-ng - - ${SDATA:--} $(format-json --leave-initial-dot --scope all-nv-pairs --exclude 0* --exclude 1* --exclude 2* --exclude 3* --exclude 4* --exclude 5* --exclude 6* --exclude 7* --exclude 8* --exclude 9* --exclude SOURCE --exclude .SDATA.* ._TAGS=${TAGS})\n";

# syslog-ng(): destination that forwards whole messages to another syslog-ng
# instance using $(format-ewmm).
#
# Parameters (defaults from the block signature):
#   server     peer address, default '127.0.0.1'
#   transport  default tcp
#   port       default 514
# Any further arguments are passed through to network() via `__VARARGS__`.
#
# Security note: with the default transport(tcp) the full set of name-value
# pairs travels unencrypted and the peer is not authenticated. When the peer
# is on another host, pass an encrypted transport and the matching tls()
# options through the extra arguments, and make sure the receiving source is
# restricted to trusted senders, since ewmm-parser() accepts whatever the
# payload contains.
block destination syslog-ng(server('127.0.0.1') transport(tcp) port(514)) {
        network("`server`" transport(`transport`) port(`port`)
                template("$(format-ewmm)")
                # three fractional digits in the timestamp
                frac-digits(3)
		`__VARARGS__`
        );
};