bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

committing changes in /etc made by "-bash"

Browse Source 
Package changes:
This commit is contained in:
Bogdan Stoica
2021-09-01 13:59:00 +03:00
parent d692c4a77d
commit 2ad4480d03
12 changed files with 1 additions and 802 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.etckeeper
View File

@@ -49,6 +49,7 @@ mkdir -p './mail/spamassassin/sa-update-keys/private-keys-v1.d'
mkdir -p './modulefiles'
mkdir -p './modules-load.d'
mkdir -p './named'
mkdir -p './newrelic-infra/integrations.d'
mkdir -p './nginx/conf.d/ganool/nginx/modules'
mkdir -p './nginx/conf.d/ganool/nginx/ngx1/nginx/modules'
mkdir -p './nginx/html/.well-known/acme-challenge'
@@ -3222,14 +3223,8 @@ maybe chmod 0644 'networks'
maybe chmod 0755 'newrelic-infra'
maybe chmod 0644 'newrelic-infra.yml'
maybe chmod 0755 'newrelic-infra/integrations.d'
maybe chmod 0644 'newrelic-infra/integrations.d/docker-config.yml'
maybe chmod 0755 'newrelic-infra/logging.d'
maybe chmod 0644 'newrelic-infra/logging.d/file.yml.example'
maybe chmod 0644 'newrelic-infra/logging.d/fluentbit.yml.example'
maybe chmod 0644 'newrelic-infra/logging.d/postfix.yml'
maybe chmod 0644 'newrelic-infra/logging.d/syslog.yml.example'
maybe chmod 0644 'newrelic-infra/logging.d/systemd.yml.example'
maybe chmod 0644 'newrelic-infra/logging.d/tcp.yml.example'
maybe chmod 0644 'nfs.conf'
maybe chmod 0644 'nfsmount.conf'
maybe chmod 0700 'nftables'
@@ -4044,7 +4039,6 @@ maybe chmod 0644 'pki/nssdb/key3.db'
maybe chmod 0644 'pki/nssdb/key4.db'
maybe chmod 0644 'pki/nssdb/pkcs11.txt'
maybe chmod 0644 'pki/nssdb/secmod.db'
maybe chmod 0644 'pki/openssl10.cnf'
maybe chown 'pesign' 'pki/pesign'
maybe chgrp 'pesign' 'pki/pesign'
maybe chmod 0770 'pki/pesign'
@@ -4910,7 +4904,6 @@ maybe chmod 0755 'systemd/system/mariadb.service.d'
maybe chmod 0644 'systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf'
maybe chmod 0755 'systemd/system/multi-user.target.wants'
maybe chmod 0755 'systemd/system/network-online.target.wants'
maybe chmod 0644 'systemd/system/newrelic-infra.service'
maybe chmod 0755 'systemd/system/nfs-blkmap.service.requires'
maybe chmod 0755 'systemd/system/nfs-idmapd.service.requires'
maybe chmod 0755 'systemd/system/nfs-mountd.service.requires'
@@ -4936,10 +4929,6 @@ maybe chmod 0644 'systemd/user.conf'
maybe chmod 0755 'systemd/user/sockets.target.wants'
maybe chgrp 'tss' 'tcsd.conf'
maybe chmod 0640 'tcsd.conf'
maybe chmod 0755 'td-agent-bit'
maybe chmod 0644 'td-agent-bit/parsers.conf'
maybe chmod 0644 'td-agent-bit/plugins.conf'
maybe chmod 0644 'td-agent-bit/td-agent-bit.conf'
maybe chmod 0755 'terminfo'
maybe chmod 0755 'tmpfiles.d'
maybe chmod 0644 'tmpfiles.d/clamav.conf'

12
newrelic-infra/integrations.d/docker-config.yml
View File

@@ -1,12 +0,0 @@
integrations:
- name: nri-docker
when:
feature: docker_enabled
file_exists: /var/run/docker.sock
interval: 15s
- name: nri-docker
when:
feature: docker_enabled
env_exists:
FARGATE: "true"
interval: 15s

42
newrelic-infra/logging.d/file.yml.example
View File

@@ -1,42 +0,0 @@
###############################################################################
# Log forwarder configuration file example #
# Source: file #
# Available customization parameters: attributes, max_line_kb, pattern #
###############################################################################
logs:
# Basic tailing of a single file
- name: basic-file
file: /var/log/logFile.log
# File with spaces in its path. No need to use quotes.
- name: file-with-spaces-in-path
file: /var/log/folder with spaces/logFile.log
# Specify a list of custom attributes, as key-value pairs, to be included
# in each log record
- name: file-with-attributes
file: /var/log/logFile.log
attributes:
application: tomcat
department: sales
maintainer: example@mailprovider.com
# Use wildcards to refer to multiple files having a common extension or
# prefix. Newly generated files will be automatically detected every 60
# seconds.
#
# WARNING: avoid using wildcards that include the file extension, since
# it'll cause logs to be forwarded repeatedly if log rotation is enabled.
- name: log-files-in-folder
file: /var/log/logF*.log
# Lines longer than 128 KB will be automatically skipped. Use 'max_line_kb'
# to increase this limit.
- name: log-file-with-long-lines
file: /var/log/logFile.log
max_line_kb: 256
# Use 'pattern' to filter records using a regular expression
- name: only-records-with-warn-and-error
file: /var/log/logFile.log
pattern: WARN|ERROR

21
newrelic-infra/logging.d/fluentbit.yml.example
View File

@@ -1,21 +0,0 @@
###############################################################################
# Log forwarder configuration file example #
# Source: fluentbit #
# Available customization parameters: <none> #
###############################################################################
logs:
# Use an external configuration file in the Fluentbit native format. You can
# also define your own 'parsers.conf' file if your native Fluentbit
# configuration file defines custom parsers for your log records.
#
# WARNING: do not define an output using the 'newrelic' plugin in external
# configuration files, as you'd potentially end up with duplicated log
# records in New Relic. The New Relic agent already sets an output plugin
# for you.
#
# NOTE: 'rfc3164', 'rfc3164-local' and 'rfc5424' are reserved parser names
# and must not be used in your custom parsers.conf
- name: external-fluentbit-config-and-parsers-file
fluentbit:
config_file: /home/user/Configs/fluent-bit.conf
parsers_file: /home/user/Configs/parsers.conf

80
newrelic-infra/logging.d/syslog.yml.example
View File

@@ -1,80 +0,0 @@
###############################################################################
# Log forwarder configuration file example #
# Source: syslog #
# Available customization parameters: attributes, max_line_kb #
###############################################################################
logs:
# Syslog RFC3164 via TCP IP socket
- name: syslog-tcp-rfc3164
syslog:
uri: tcp://127.0.0.1:5140
parser: rfc3164
# Syslog RFC5424 via TCP IP socket
- name: syslog-tcp-rfc5424
syslog:
uri: tcp://127.0.0.1:5141
parser: rfc5424
# Syslog RFC3164 via UDP IP socket
- name: syslog-udp-rfc3164
syslog:
uri: udp://127.0.0.1:6140
parser: rfc3164
# Syslog RFC5424 via UDP IP socket
- name: syslog-udp-rfc5424
syslog:
uri: udp://127.0.0.1:6141
parser: rfc5424
# General WARNINGS on Syslog via Unix (domain) sockets:
# - Default socket permissions are changed to 0644 by Fluentbit, so only
# processes running as root (if the agent runs as root) or nri-agent (if
# the agent runs as nri-agent) will be able to write to the logs. You can
# use 0666 to allow processes run by other users to write into the socket,
# at your own risk.
# - Sockets must either exist and be readable by the user executing the
# Infrastructure Agent, or defined in a folder where such user can create a
# new socket file.
# Syslog RFC3164 via TCP Unix (domain) socket
- name: syslog-unix-tcp-rfc3164
syslog:
uri: unix_tcp:///home/user/Sockets/unix-tcp-socket-rfc3164
parser: rfc3164
# unix_permissions: 0666
# Syslog RFC5424 via TCP Unix (domain) socket
- name: syslog-unix-tcp-rfc5424
syslog:
uri: unix_tcp:///home/user/Sockets/unix-tcp-socket-rfc5424
parser: rfc5424
# unix_permissions: 0666
# Syslog RFC3164 via UDP Unix (domain) socket
- name: syslog-unix-udp-rfc3164
syslog:
uri: unix_udp:///home/user/Sockets/unix-udp-socket-rfc3164
parser: rfc3164
# unix_permissions: 0666
# Syslog RFC5424 via UDP Unix (domain) socket
- name: syslog-unix-udp-test-rfc5424
syslog:
uri: unix_udp:///home/user/Sockets/unix-udp-socket-rfc5424
parser: rfc5424
# unix_permissions: 0666
# You can optionally include the 'attributes' and 'max_line_kb parameters'
# (refer to file.yml.example or to the official documentation for more
# details)
- name: customized-syslog-tcp-rfc5424
syslog:
uri: tcp://127.0.0.1:5142
parser: rfc5424
attributes:
application: tomcat
department: sales
maintainer: example@mailprovider.com
max_line_kb: 256

22
newrelic-infra/logging.d/systemd.yml.example
View File

@@ -1,22 +0,0 @@
###############################################################################
# Log forwarder configuration file example #
# Source: systemd #
# Available customization parameters: attributes, max_line_kb, pattern #
###############################################################################
logs:
# Systemd 'cupsd' service
# WARNING: Infrastructure Agent must run as *root* to use this source
- name: systemd-cups
systemd: cupsd
# You can optionally include the 'attributes', 'max_line_kb' and 'pattern'
# parameters (refer to file.yml.example or to the official documentation for
# more details)
- name: customized-systemd-cupsd
systemd: cupsd
attributes:
application: tomcat
department: sales
maintainer: example@mailprovider.com
max_line_kb: 256
pattern: WARN|ERROR

31
newrelic-infra/logging.d/tcp.yml.example
View File

@@ -1,31 +0,0 @@
###############################################################################
# Log forwarder configuration file example #
# Source: tcp #
# Available customization parameters: attributes, max_line_kb #
###############################################################################
logs:
# TCP log ingestion with no specific format. Records separated by line breaks.
- name: tcp-with-no-format
tcp:
uri: tcp://127.0.0.1:5170
format: none
separator: \n
# TCP log ingestion in JSON format.
- name: tcp-json
tcp:
uri: tcp://127.0.0.1:5171
format: json
# You can optionally include the 'attributes' and 'max_line_kb' parameters
# (refer to file.yml.example or to the official documentation for more
# details)
- name: customized-tcp-json
tcp:
uri: tcp://127.0.0.1:5172
format: json
attributes:
application: tomcat
department: sales
maintainer: example@mailprovider.com
max_line_kb: 256

352
pki/openssl10.cnf
View File

@@ -1,352 +0,0 @@
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use SHA-256 by default
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
#stateOrProvinceName_default = Default Province
localityName = Locality Name (eg, city)
localityName_default = Default City
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Default Company Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)

19
systemd/system/newrelic-infra.service
View File

@@ -1,19 +0,0 @@
[Unit]
Description=New Relic Infrastructure Agent
After=dbus.service syslog.target network.target
[Service]
RuntimeDirectory=newrelic-infra
Type=simple
ExecStart=/usr/bin/newrelic-infra-service
MemoryLimit=1G
# MemoryMax is only supported in systemd > 230 and replaces MemoryLimit. Some cloud dists do not have that version
# MemoryMax=1G
Restart=always
RestartSec=20
StartLimitInterval=0
StartLimitBurst=5
PIDFile=/var/run/newrelic-infra/newrelic-infra.pid
[Install]
WantedBy=multi-user.target

116
td-agent-bit/parsers.conf
View File

@@ -1,116 +0,0 @@
[PARSER]
Name apache
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache2
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>.*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache_error
Format regex
Regex ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$
[PARSER]
Name nginx
Format regex
Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
# https://rubular.com/r/IhIbCAIs7ImOkc
Name k8s-nginx-ingress
Format regex
Regex ^(?<host>[^ ]*) - (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" (?<request_length>[^ ]*) (?<request_time>[^ ]*) \[(?<proxy_upstream_name>[^ ]*)\] (\[(?<proxy_alternative_upstream_name>[^ ]*)\] )?(?<upstream_addr>[^ ]*) (?<upstream_response_length>[^ ]*) (?<upstream_response_time>[^ ]*) (?<upstream_status>[^ ]*) (?<reg_id>[^ ]*).*$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name json
Format json
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name docker
Format json
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L
Time_Keep On
# --
# Since Fluent Bit v1.2, if you are parsing Docker logs and using
# the Kubernetes filter, it's not longer required to decode the
# 'log' key.
#
# Command | Decoder | Field | Optional Action
# =============|==================|=================
#Decode_Field_As json log
[PARSER]
Name docker-daemon
Format regex
Regex time="(?<time>[^ ]*)" level=(?<level>[^ ]*) msg="(?<msg>[^ ].*)"
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L
Time_Keep On
[PARSER]
Name syslog-rfc5424
Format regex
Regex ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*?)\]|-)) (?<message>.+)$
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L%z
Time_Keep On
[PARSER]
Name syslog-rfc3164-local
Format regex
Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S
Time_Keep On
[PARSER]
Name syslog-rfc3164
Format regex
Regex /^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/
Time_Key time
Time_Format %b %d %H:%M:%S
Time_Keep On
[PARSER]
Name mongodb
Format regex
Regex ^(?<time>[^ ]*)\s+(?<severity>\w)\s+(?<component>[^ ]+)\s+\[(?<context>[^\]]+)]\s+(?<message>.*?) *(?<ms>(\d+))?(:?ms)?$
Time_Format %Y-%m-%dT%H:%M:%S.%L
Time_Keep On
Time_Key time
[PARSER]
# https://rubular.com/r/3fVxCrE5iFiZim
Name envoy
Format regex
Regex ^\[(?<start_time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)? (?<protocol>\S+)" (?<code>[^ ]*) (?<response_flags>[^ ]*) (?<bytes_received>[^ ]*) (?<bytes_sent>[^ ]*) (?<duration>[^ ]*) (?<x_envoy_upstream_service_time>[^ ]*) "(?<x_forwarded_for>[^ ]*)" "(?<user_agent>[^\"]*)" "(?<request_id>[^\"]*)" "(?<authority>[^ ]*)" "(?<upstream_host>[^ ]*)"
Time_Format %Y-%m-%dT%H:%M:%S.%L%z
Time_Keep On
Time_Key start_time
[PARSER]
# http://rubular.com/r/tjUt3Awgg4
Name cri
Format regex
Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<message>.*)$
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L%z
[PARSER]
Name kube-custom
Format regex
Regex (?<tag>[^.]+)?\.?(?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$

2
td-agent-bit/plugins.conf
View File

@@ -1,2 +0,0 @@
[PLUGINS]
# Path /path/to/out_gstdout.so

93
td-agent-bit/td-agent-bit.conf
View File

@@ -1,93 +0,0 @@
[SERVICE]
# Flush
# =====
# set an interval of seconds before to flush records to a destination
flush 5
# Daemon
# ======
# instruct Fluent Bit to run in foreground or background mode.
daemon Off
# Log_Level
# =========
# Set the verbosity level of the service, values can be:
#
# - error
# - warning
# - info
# - debug
# - trace
#
# by default 'info' is set, that means it includes 'error' and 'warning'.
log_level info
# Parsers File
# ============
# specify an optional 'Parsers' configuration file
parsers_file parsers.conf
# Plugins File
# ============
# specify an optional 'Plugins' configuration file to load external plugins.
plugins_file plugins.conf
# HTTP Server
# ===========
# Enable/Disable the built-in HTTP Server for metrics
http_server Off
http_listen 0.0.0.0
http_port 2020
# Storage
# =======
# Fluent Bit can use memory and filesystem buffering based mechanisms
#
# - https://docs.fluentbit.io/manual/administration/buffering-and-storage
#
# storage metrics
# ---------------
# publish storage pipeline metrics in '/api/v1/storage'. The metrics are
# exported only if the 'http_server' option is enabled.
#
storage.metrics on
# storage.path
# ------------
# absolute file system path to store filesystem data buffers (chunks).
#
# storage.path /tmp/storage
# storage.sync
# ------------
# configure the synchronization mode used to store the data into the
# filesystem. It can take the values normal or full.
#
# storage.sync normal
# storage.checksum
# ----------------
# enable the data integrity check when writing and reading data from the
# filesystem. The storage layer uses the CRC32 algorithm.
#
# storage.checksum off
# storage.backlog.mem_limit
# -------------------------
# if storage.path is set, Fluent Bit will look for data chunks that were
# not delivered and are still in the storage layer, these are called
# backlog data. This option configure a hint of maximum value of memory
# to use when processing these records.
#
# storage.backlog.mem_limit 5M
[INPUT]
name cpu
tag cpu.local
# Read interval (sec) Default: 1
interval_sec 1
[OUTPUT]
name stdout
match *