kubernetes() source options
This section describes the options of the kubernetes() source in syslog-ng OSE.
The kubernetes() source has the following options:
base-dir()
| Type: | path without filename |
| Default: | /var/log/containers |
Description: The path to the directory that contains the log files, for example, base-dir("/var/log/pods").
chain-hostname()
| Type: | yes, no |
| Default: | no |
Description: This option can be used to enable or disable the chained hostname format. For more information, see the chain-hostnames() global option.
cluster-name()
| Type: | string |
| Default: | k8s |
Description:The name of the Kubernetes cluster.
format()
| Synopsis: | format(string) |
| Default: | syslog |
Description: This option specifies the default message parsing format used by syslog-ng OSE.
Plugins can define their own format parsers; if a plugin does not provide one, the default syslog format parser is used.
You can also define and explicitly use a custom parser separately, for example, in Python. For more information, see syslog parser.
internal()
Description: To collect warnings, errors and notices from syslog-ng OSE itself, include this source in one of your source statements.
Example format in configuration:
source s_local { internal(); };
For more details, see internal: Collecting internal messages.
normalize-hostnames()
| Type: | yes, no |
| Default: | no |
Description: If this option is set to yes (normalize-hostnames(yes)), syslog-ng OSE converts the hostnames to lowercase. This setting only applies to hostnames resolved from DNS. It has no effect if the keep-hostname() option is enabled, and the message contains a hostname.
| Accepted values: | yes | no|
|Default: |no|
NOTE: This setting applies only to hostnames resolved from DNS. It has no effect if the keep-hostname() option is enabled, and the message contains a hostname.
prefix()
| Synopsis: | prefix() |
Description: Insert a prefix before the name part of the parsed name-value pairs to help further processing. For example:
-
To insert the my-parsed-data. prefix, use the prefix(my-parsed-data.) option.
-
To refer to a particular data that has a prefix, use the prefix in the name of the macro, for example, ${my-parsed-data.name}.
-
If you forward the parsed messages using the IETF-syslog protocol, you can insert all the parsed data into the
SDATApart of the message using the prefix(.SDATA.my-parsed-data.) option.
Names starting with a dot (for example, .example) are reserved for use by syslog-ng OSE. If you use such a macro name as the name of a parsed value, it will attempt to replace the original value of the macro (note that only soft macros can be overwritten, see Hard versus soft macros. To avoid such problems, use a prefix when naming the parsed values, for example, prefix(my-parsed-data.)
sdata-prefix()
| Type: | string |
| Default: | .SDATA. |
Available in syslog-ng OSE 4.1 and later versions.
Description: Adds a specific string before the names of the parsed SDATA fields to store the name-value pairs created from the SDATA fields separately. Note that unless the value of sdata-prefix starts with .SDATA., using this option excludes the parsed fields from the sdata and rfc5424 scopes of the value pairs.
The prefix() option is optional and its default value is “.k8s.”.
use-syslogng-pid()
| Accepted values: | yes, no |
| Default: | no |
Description: If this parameter is set to yes, syslog-ng OSE fills the value of the ${PID} macro with its own process ID.