kubernetes() source options
This section describes the options of the kubernetes() source in syslog-ng OSE.
The kubernetes() source has the following options:
base-dir()
| Type: | path without filename |
| Default: | /var/log/containers |
Description: The path to the directory that contains the log files, for example, base-dir("/var/log/pods").
chain-hostname()
| Accepted values: | yes, no |
| Default: | no |
Description: This option can be used to enable or disable the chained hostname format. For more information, see the chain-hostnames() global option.
cluster-name()
| Type: | string |
| Default: | k8s |
Description:The name of the Kubernetes cluster.
format()
| Synopsis: | format(string) |
| Default: | syslog |
Description: This option specifies the default message parsing format used by syslog-ng OSE.
Plugins can define their own format parsers; if a plugin does not provide one, the default syslog format parser is used.
You can also define and explicitly use a custom parser separately, for example, in Python. For more information, see syslog parser.
internal()
Description: To collect warnings, errors and notices from syslog-ng OSE itself, include this source in one of your source statements.
Example format in configuration:
source s_local { internal(); };
For more details, see internal: Collecting internal messages.
normalize-hostnames()
| Accepted values: | yes, no |
| Default: | no |
Description: If this option is set to yes (normalize-hostnames(yes)), syslog-ng OSE converts the hostnames to lowercase. This setting only applies to hostnames resolved from DNS. It has no effect if the keep-hostname() option is enabled, and the message contains a hostname.
NOTE: This setting applies only to hostnames resolved from DNS. It has no effect if the keep-hostname() option is enabled, and the message contains a hostname.
prefix()
| Type: | string |
| Default: | .k8s. |
Description: Insert a prefix before the name part of the parsed name-value pairs to help further processing. For example:
-
To insert the
my-parsed-data.prefix, use theprefix(my-parsed-data.)option. -
To refer to a particular data that has a prefix, use the prefix in the name of the macro, for example,
${my-parsed-data.name}. -
If you forward the parsed messages using the IETF-syslog protocol, you can insert all the parsed data into the
SDATApart of the message using theprefix(.SDATA.my-parsed-data.)option.
Names starting with a dot (for example, .example) are reserved for use
by syslog-ng OSE. If you use such a macro name as the name of a parsed
value, it will attempt to replace the original value of the macro (note
that only soft macros can be overwritten, see
Hard versus soft macros.
To avoid such problems, use a prefix when naming the parsed values, for example, prefix(my-parsed-data.).
By default, -parser() uses the .k8s. prefix. To modify it, use
the following format:
parser {
-parser(
... other options ...
prefix("myprefix.")
);
};
sdata-prefix()
| Type: | string |
| Default: | .SDATA. |
Available in syslog-ng OSE 4.1 and later versions.
Description: Adds a specific string before the names of the parsed SDATA fields to store the name-value pairs created from the SDATA fields separately. Note that unless the value of sdata-prefix starts with .SDATA., using this option excludes the parsed fields from the sdata and rfc5424 scopes of the value pairs.