{%- if grains.get('init') == 'systemd' %} agent: plugin: fluent-plugin-systemd: deb: ['td-agent-additional-plugins'] config: label: default_metric: filter: metric_failed_user: tag: metric.failed_user type: prometheus metric: - name: failed_logins_total type: counter desc: The total number of failed logins. label: - name: host value: ${Hostname} metric_out_of_memory: tag: metric.out_of_memory type: prometheus metric: - name: out_of_memory_total type: counter desc: The total number of OOM. label: - name: host value: ${Hostname} metric_hdd_errors_parse: tag: metric.hdd_errors type: parser key_name: Payload parser: type: regexp format: '/(?[sv]d[a-z]+\d*)/' metric_hdd_errors: tag: metric.hdd_errors require: - metric_hdd_errors_parse type: prometheus metric: - name: hdd_errors_total type: counter desc: The total number of hdd errors. label: - name: host value: ${Hostname} - name: device value: ${device} systemd: input: systemd: type: systemd tag: systemd.source path: /run/log/journal pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/systemd.source.pos entry: field_map: MESSAGE: 'Payload' _CMDLINE: 'process' _PID: 'Pid' _COMM: 'programname' _SYSTEMD_UNIT: 'service' syslog_identifier: 'ident' priority: 'Severity' field_map_strict: True fields_strip_underscores: True fields_lowercase: True filter: add_severity_label: tag: systemd.source type: record_transformer enable_ruby: true record: - name: severity_label value: '${ {"TRACE"=>8,"DEBUG"=>7,"INFO"=>6,"NOTICE"=>5,"WARNING"=>4,"ERROR"=>3,"CRITICAL"=>2,"ALERT"=>1,"EMERGENCY"=>0}.key(record["Severity"].to_i) }' match: rewrite_tag: tag: systemd.source type: rewrite_tag_filter rule: - name: ident regexp: '^(.*)$' result: __TAG__.$1 push_to_default: tag: 'systemd.source.*' type: copy store: - type: relabel label: default_output - type: rewrite_tag_filter rule: - name: Payload regexp: '^Invalid user' result: metric.failed_user - name: Payload regexp: '^Out of memory' result: metric.out_of_memory - name: Payload regexp: >- 'error.*\b[sv]d[a-z]{1,2}\d{0,3}\b.*' result: metric.hdd_errors - name: Payload regexp: >- '\b[sv]d[a-z]{1,2}\d{0,3}\b.*error' result: metric.hdd_errors push_to_metric: tag: 'metric.**' type: relabel label: default_metric {%- else %} agent: config: label: default_metric: filter: metric_hdd_errors_parse: tag: metric.hdd_errors type: parser key_name: Payload parser: type: regexp format: '/(?[sv]d[a-z]+\d*)/' metric_hdd_errors: tag: metric.hdd_errors require: - metric_hdd_errors_parse type: prometheus metric: - name: hdd_errors_total type: counter desc: The total number of hdd errors. label: - name: host value: ${Hostname} - name: device value: ${device} syslog: input: syslog_file: type: tail tag: linux.syslog path: /var/log/syslog pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/linux_syslog.pos suppress_parse_error_log: true parser: type: regexp format: >- '/(?.*(?[sv]d[a-z]{1,2}\d{0,3}).*)/' match: push_to_default: tag: 'linux.**' type: copy store: - type: relabel label: default_output - type: rewrite_tag_filter rule: - name: Payload regexp: >- 'error.*\b[sv]d[a-z]{1,2}\d{0,3}\b.*' result: metric.hdd_errors - name: Payload regexp: >- '\b[sv]d[a-z]{1,2}\d{0,3}\b.*error' result: metric.hdd_errors push_to_metric: tag: 'metric.**' type: relabel label: default_metric {%- endif %}