Syslog 输出插件
此插件通过 UDP 以RFC5426 格式或通过 TCP 以RFC6587 格式或通过 TLS 以RFC5425 格式将指标作为 syslog 消息写入,无论是否带八位字节计数帧。
Syslog 消息根据RFC5424 进行格式化,在发送消息时根据 RFC 的syslog 消息格式部分限制字段大小。发送超出这些大小的消息可能会被严格的接收方静默丢弃。
引入于: Telegraf v1.11.0 标签: logging 操作系统支持: all
全局配置选项
插件支持其他全局和插件配置设置,用于修改指标、标签和字段,创建别名以及配置插件顺序等任务。更多详情请参阅 CONFIGURATION.md。
启动错误行为选项
除了插件特定的和全局的配置设置外,该插件还支持使用 startup_error_behavior 设置来指定出现启动错误时的行为。可用值如下:
error:如果出现启动错误,Telegraf 将停止并退出。这是默认行为。ignore:Telegraf 将忽略此插件的启动错误,并禁用它,但会继续处理所有其他插件。retry: Telegraf 会在每次收集或写入周期内尝试启动插件,以防出现启动错误。在启动成功之前,插件将被禁用。probe: Telegraf 将(如果可能)探测插件的功能,并在探测失败时禁用该插件。如果插件不支持探测,Telegraf 将表现得如同设置了ignore一样。
配置
# Configuration for Syslog server to send metrics to
[[outputs.syslog]]
## URL to connect to
## ex: address = "tcp://127.0.0.1:8094"
## ex: address = "tcp4://127.0.0.1:8094"
## ex: address = "tcp6://127.0.0.1:8094"
## ex: address = "tcp6://[2001:db8::1]:8094"
## ex: address = "udp://127.0.0.1:8094"
## ex: address = "udp4://127.0.0.1:8094"
## ex: address = "udp6://127.0.0.1:8094"
address = "tcp://127.0.0.1:8094"
## Optional TLS Config
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
## Use TLS but skip chain & host verification
# insecure_skip_verify = false
## Period between keep alive probes.
## Only applies to TCP sockets.
## 0 disables keep alive probes.
## Defaults to the OS configuration.
# keep_alive_period = "5m"
## The framing technique with which it is expected that messages are
## transported (default = "octet-counting"). Whether the messages come
## using the octet-counting (RFC5425#section-4.3.1, RFC6587#section-3.4.1),
## or the non-transparent framing technique (RFC6587#section-3.4.2). Must
## be one of "octet-counting", "non-transparent".
# framing = "octet-counting"
## The trailer to be expected in case of non-transparent framing (default = "LF").
## Must be one of "LF", or "NUL".
# trailer = "LF"
## SD-PARAMs settings
## Syslog messages can contain key/value pairs within zero or more
## structured data sections. For each unrecognized metric tag/field a
## SD-PARAMS is created.
##
## Example:
## [[outputs.syslog]]
## sdparam_separator = "_"
## default_sdid = "default@32473"
## sdids = ["foo@123", "bar@456"]
##
## input => xyzzy,x=y foo@123_value=42,bar@456_value2=84,something_else=1
## output (structured data only) => [foo@123 value=42]()[default@32473 something_else=1 x=y]
## SD-PARAMs separator between the sdid and tag/field key (default = "_")
# sdparam_separator = "_"
## Default sdid used for tags/fields that don't contain a prefix defined in
## the explicit sdids setting below If no default is specified, no SD-PARAMs
## will be used for unrecognized field.
# default_sdid = "default@32473"
## List of explicit prefixes to extract from tag/field keys and use as the
## SDID, if they match (see above example for more details):
# sdids = ["foo@123", "bar@456"]
## Default severity value. Severity and Facility are used to calculate the
## message PRI value (RFC5424#section-6.2.1). Used when no metric field
## with key "severity_code" is defined. If unset, 5 (notice) is the default
# default_severity_code = 5
## Default facility value. Facility and Severity are used to calculate the
## message PRI value (RFC5424#section-6.2.1). Used when no metric field with
## key "facility_code" is defined. If unset, 1 (user-level) is the default
# default_facility_code = 1
## Default APP-NAME value (RFC5424#section-6.2.5)
## Used when no metric tag with key "appname" is defined.
## If unset, "Telegraf" is the default
# default_appname = "Telegraf"指标映射
输出插件期望 syslog 指标的标签和字段与 syslog 输入中创建的匹配。
下表显示了用于格式化 syslog 消息的指标标签、字段和默认值。
| Syslog 字段 | 指标标签 | 指标字段 | 默认值 |
|---|---|---|---|
| APP-NAME | appname | - | default_appname = “Telegraf” |
| TIMESTAMP | - | timestamp | 指标自身的 timestamp |
| VERSION | - | version | 1 |
| PRI | - | severity_code + (8 * facility_code) | default_severity_code=5 (notice), default_facility_code=1 (user-level) |
| HOSTNAME | hostname OR source OR host | - | os.Hostname() |
| MSGID | - | msgid | 指标名称 |
| PROCID | - | procid | - |
| MSG | - | msg | - |
此页面是否有帮助?
感谢您的反馈!
支持和反馈
感谢您成为我们社区的一员!我们欢迎并鼓励您对 Telegraf 和本文档提出反馈和 bug 报告。要获取支持,请使用以下资源
具有年度合同或支持合同的客户可以 联系 InfluxData 支持。