{"id":23094865,"url":"https://github.com/natefoo/logflux","last_synced_at":"2025-04-03T19:23:29.404Z","repository":{"id":57438805,"uuid":"147699214","full_name":"natefoo/logflux","owner":"natefoo","description":"Read messages from rsyslog via a socket and send regex-parsed values to InfluxDB","archived":false,"fork":false,"pushed_at":"2018-09-07T20:18:02.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-13T12:38:51.694Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/natefoo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-06T16:04:13.000Z","updated_at":"2018-09-07T20:18:03.000Z","dependencies_parsed_at":"2022-09-08T08:03:43.434Z","dependency_job_id":null,"html_url":"https://github.com/natefoo/logflux","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natefoo%2Flogflux","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natefoo%2Flogflux/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natefoo%2Flogflux/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natefoo%2Flogflux/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/natefoo","download_url":"https://codeload.github.com/natefoo/logflux/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247062742,"owners_count":20877323,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-16T22:18:28.689Z","updated_at":"2025-04-03T19:23:29.384Z","avatar_url":"https://github.com/natefoo.png","language":"Python","readme":"# logflux\n\nRead messages from rsyslog via a socket and send regex-parsed values to InfluxDB\n\n## usage\n\n### rsyslog\n\nrsyslog 8.33.1 and newer supports creating log output in JSON format, which is preferred. To use, configure rsyslog (the\ntemplate format is important) with:\n\n```\ntemplate(name=\"logflux\" type=\"list\" option.jsonf=\"on\") {\n\tproperty(outname=\"@timestamp\" name=\"timereported\" dateFormat=\"rfc3339\" format=\"jsonf\")\n\tproperty(outname=\"host\" name=\"hostname\" format=\"jsonf\")\n\tproperty(outname=\"severity\" name=\"syslogseverity-text\" caseConversion=\"upper\" format=\"jsonf\")\n\tproperty(outname=\"facility\" name=\"syslogfacility-text\" format=\"jsonf\")\n\tproperty(outname=\"syslog-tag\" name=\"syslogtag\" format=\"jsonf\")\n\tproperty(outname=\"source\" name=\"app-name\" format=\"jsonf\")\n\tproperty(outname=\"message\" name=\"msg\" format=\"jsonf\")\n}\n\nmodule(load=\"omuxsock\")\n$OMUxSockSocket /tmp/logflux.sock\n*.*\t:omuxsock:;logflux\n```\n\nIf you have older versions of rsyslog that do not support JSON output, you can use the \"legacy\" format with the\nfollowing template:\n\n```\ntemplate(name=\"logflux\" type=\"list\") {\n\tconstant(value=\"@timestamp: \")\n\tproperty(outname=\"@timestamp\" name=\"timereported\" dateFormat=\"rfc3339\")\n\tconstant(value=\"\\nhost: \")\n\tproperty(outname=\"host\" name=\"hostname\")\n\tconstant(value=\"\\nseverity: \")\n\tproperty(outname=\"severity\" name=\"syslogseverity-text\" caseConversion=\"upper\")\n\tconstant(value=\"\\nfacility: \")\n\tproperty(outname=\"facility\" name=\"syslogfacility-text\")\n\tconstant(value=\"\\nsyslog-tag: \")\n\tproperty(outname=\"syslog-tag\" name=\"syslogtag\")\n\tconstant(value=\"\\nsource: \")\n\tproperty(outname=\"source\" name=\"app-name\")\n\tconstant(value=\"\\n\\n\")\n\tproperty(outname=\"message\" name=\"msg\")\n}\n```\n\nlogflux will automatically detect the format of the first message received and assume this format for all subsequent\nmessages. If you change message formats, restart logflux.\n\nNote: You may only want to send a subset of syslog messages to logflux, you can do so with [filter\nconditions](https://www.rsyslog.com/doc/v8-stable/configuration/filters.html). Note that advanced/RainerScript\nconfiguration syntax is not supported with `omuxsock` as of rsyslog 8.34.0.\n\n### logflux\n\nlogflux uses a YAML-syntax configuration style. The following example shows the syntax and available options:\n\n```yaml\n---\n\nsocket: /tmp/logflux.sock\n\ninflux:\n    host: localhost\n    port: 8086\n\ndatabase: logflux\n\nrules:\n  - name: nginx_rate_limit\n    match:\n      key: message\n      regex: '^nginx:.* limiting requests, excess: (?P\u003cexcess\u003e\\d+\\.\\d+) by zone \"(?P\u003czone\u003e[^\"]+)\", client: (?P\u003cclient\u003e[^,]+)'\n    fields:\n      value:\n        lookup: message.excess\n        type: float\n    tags:\n      zone: message.zone\n      client: message.client\n      hostname: host\n```\n\nBy default, logflux looks for its configuration in `logflux.yaml` in the current directory, this can be overridden with\nthe `-c` or `--config` command line option.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnatefoo%2Flogflux","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnatefoo%2Flogflux","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnatefoo%2Flogflux/lists"}