Skip to content

archiver_syslog job from logsearch/211.0.3

This job runs Logstash to forward Syslog data to archive

Github source: 03b1ebc or master branch

Properties

logstash

env

a list of arbitrary key-value pairs to be passed on as process environment variables. eg: FOO: 123

Default
[]

heap_size

sets jvm heap sized

jvm_options

additional jvm options

Default
[]

log_level

The default logging level (e.g. WARN, DEBUG, INFO)

Default
info

metadata_level

Whether to include additional metadata throughout the event lifecycle. NONE = disabled, DEBUG = fully enabled

Default
NONE

plugins

Array of hashes describing logstash plugins to install

Default
[]
Example
- name: logstash-output-cloudwatchlogs
  version: 2.0.0

queue

checkpoint
acks

The maximum number of acked events before forcing a checkpoint.

Default
1024
interval

The interval in milliseconds when a checkpoint is forced on the head page.

Default
1000
writes

The maximum number of written events before forcing a checkpoint.

Default
1024
max_bytes

The total capacity of the queue in number of bytes.

Default
1024mb
max_events

The maximum number of unread events in the queue.

Default
0
page_capacity

The page data files size. The queue data consists of append-only data files separated into pages.

Default
250mb
type

Internal queuing model, “memory” for legacy in-memory based queuing and “persisted” for disk-based acked queueing.

Default
persisted

logstash_archiver

files

Number of files open which the system ulimit settings allow

Default
4096

logstash_ingestor

debug

Debug level logging

Default
false

filters

Filters to execute on the ingestors

health

disable_post_start

Skip post-start health checks? (true / false)

Default
false
interval

Logstash syslog health check interval (seconds)

Default
5
timeout

Logstash syslog health check number of attempts (seconds)

Default
300

outputs

A list of output plugins, with a hash of options for each of them.

Default
[]

relp

port

Port to listen for RELP messages

Default
2514

syslog

port

Port to listen for syslog messages

Default
5514
transport

Transport protocol to use

Default
tcp

syslog_tls

port

Port to listen for syslog-TLS messages (omit to disable)

skip_ssl_validation

Verify the identity of the other end of the SSL connection against the CA.

Default
false
ssl_cert

Syslog-TLS SSL certificate (file contents, not a path) - required if logstash_ingestor.syslog_tls.port set

ssl_key

Syslog-TLS SSL key (file contents, not a path) - required if logstash_ingestor.syslog_tls.port set

workers

The number of worker threads that logstash should use (default: auto = one per CPU)

Default
auto

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/archiver_syslog/ directory (learn more).

  • bin/archiver_syslog_ctl (from bin/archiver_syslog_ctl)
  • bin/monit_debugger (from bin/monit_debugger)
  • bin/post-start (from bin/post-start.erb)
  • config/input_and_output.conf (from config/input_and_output.conf.erb)
  • config/jvm.options (from config/jvm.options.erb)
  • config/logstash.yml (from config/logstash.yml.erb)
  • config/syslog_tls.crt (from config/syslog_tls.crt.erb)
  • config/syslog_tls.key (from config/syslog_tls.key.erb)
  • data/properties.sh (from data/properties.sh.erb)
  • helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
  • helpers/ctl_utils.sh (from helpers/ctl_utils.sh)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.