diff --git a/Dockerfile b/Dockerfile
index a6aaa1a..2f84b23 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,18 @@
-FROM fluent/fluentd:v0.12.34
+FROM fluent/fluentd:v0.14.17-debian
WORKDIR /home/fluent
ENV PATH /home/fluent/.gem/ruby/2.3.0/bin:$PATH
USER root
-RUN apk --no-cache --update add sudo build-base ruby-dev libffi-dev && \
- sudo -u fluent gem install fluent-plugin-record-reformer fluent-plugin-kubernetes_metadata_filter fluent-plugin-sumologic_output && \
- rm -rf /home/fluent/.gem/ruby/2.3.0/cache/*.gem && sudo -u fluent gem sources -c && \
- apk del sudo build-base ruby-dev && rm -rf /var/cache/apk/*
+# New fluent image dynamically creates user in entrypoint
+RUN [ -f /bin/entrypoint.sh ] && /bin/entrypoint.sh echo || : && \
+ apt-get update && \
+ apt-get install -y build-essential ruby-dev libffi-dev libsystemd-dev && \
+ gem install fluent-plugin-systemd fluent-plugin-record-reformer fluent-plugin-kubernetes_metadata_filter fluent-plugin-sumologic_output && \
+ rm -rf /home/fluent/.gem/ruby/2.3.0/cache/*.gem && \
+ gem sources -c && \
+ apt-get remove --purge -y build-essential ruby-dev libffi-dev libsystemd-dev && \
+ rm -rf /var/lib/apt/lists/*
RUN mkdir -p /mnt/pos
EXPOSE 24284
@@ -26,9 +31,12 @@ ENV SOURCE_CATEGORY_REPLACE_DASH "/"
ENV SOURCE_NAME "%{namespace}.%{pod}.%{container}"
ENV KUBERNETES_META "true"
ENV READ_FROM_HEAD "true"
+ENV FLUENTD_SOURCE "file"
+ENV FLUENTD_USER_CONFIG_DIR "/fluentd/conf.d/user"
-COPY ./conf.d/* /fluentd/conf.d/
+COPY ./conf.d/ /fluentd/conf.d/
COPY ./etc/* /fluentd/etc/
COPY ./plugins/* /fluentd/plugins/
+COPY ./entrypoint.sh /fluentd/
-CMD exec fluentd -c /fluentd/etc/$FLUENTD_CONF -p /fluentd/plugins $FLUENTD_OPT
\ No newline at end of file
+ENTRYPOINT ["/fluentd/entrypoint.sh"]
diff --git a/README.md b/README.md
index df9736d..f0e86a0 100644
--- a/README.md
+++ b/README.md
@@ -25,10 +25,20 @@ And finally, you need to deploy the container. I will presume you have your own
kubectl create -f fluentd.daemonset.yaml
```
+#### Helm
+
+A helm chart can also install the daemonset, secret, etc.
+
+```
+helm install --name sumo --set sumologic.collectorUrl=YOUR-URL-HERE stable/sumologic-fluentd
+```
+
## Options
The following options can be configured as environment variables on the DaemonSet
+* `FLUENTD_SOURCE` - Fluentd can tail files or query systemd (default `file`)
+* `FLUENTD_USER_CONFIG_DIR` - A directory of user defined fluentd configuration files, which must in in `*.conf`
* `FLUSH_INTERVAL` - How frequently to push logs to SumoLogic (default `5s`)
* `NUM_THREADS` - Increase number of http threads to Sumo. May be required in heavy logging clusters (default `1`)
* `SOURCE_NAME` - Set the `_sourceName` metadata field in SumoLogic. (Default `"%{namespace}.%{pod}.%{container}"`)
@@ -53,16 +63,22 @@ The following options can be configured as environment variables on the DaemonSe
* `EXCLUDE_POD_REGEX` - A Regex pattern for pods. All matching pods will be excluded from Sumo Logic. The logs will still be sent to FluentD.
* `EXCLUDE_CONTAINER_REGEX` - A Regex pattern for containers. All matching containers will be excluded from Sumo Logic. The logs will still be sent to FluentD.
* `EXCLUDE_HOST_REGEX` - A Regex pattern for hosts. All matching hosts will be excluded from Sumo Logic. The logs will still be sent to FluentD.
+ * `EXCLUDE_FACILITY_REGEX` - A Regex pattern for syslog [faclilities](https://en.wikipedia.org/wiki/Syslog#Facility). All matching facilities will be excluded from Sumo Logic. The logs will still be sent to FluentD.
+ * `EXCLUDE_PRIORITY_REGEX` - A Regex pattern for syslog [priorities](https://en.wikipedia.org/wiki/Syslog#Severity_level). All matching priorities will be excluded from Sumo Logic. The logs will still be sent to FluentD.
+ * `EXCLUDE_UNIT_REGEX` - A Regex pattern for systemd [units](https://www.freedesktop.org/software/systemd/man/systemd.unit.html). All matching units will be excluded from Sumo Logic. The logs will still be sent to FluentD.
The following table show which environment variables affect fluent sources
-| Environment Variable | Containers | Docker | Kubernetes |
-|----------------------|------------|--------|------------|
-| `EXCLUDE_CONTAINER_REGEX` | ✔ | ✘ | ✘ |
-| `EXCLUDE_HOST_REGEX `| ✔ | ✘ | ✘ |
-| `EXCLUDE_NAMESPACE_REGEX` | ✔ | ✘ | ✔ |
-| `EXCLUDE_PATH` | ✔ | ✔ | ✔ |
-| `EXCLUDE_POD_REGEX` | ✔ | ✘ | ✘ |
+| Environment Variable | Containers | Docker | Kubernetes | Systemd |
+|----------------------|------------|--------|------------|---------|
+| `EXCLUDE_CONTAINER_REGEX` | ✔ | ✘ | ✘ | ✘ |
+| `EXCLUDE_FACILITY_REGEX` | ✘ | ✘ | ✘ | ✔ |
+| `EXCLUDE_HOST_REGEX `| ✔ | ✘ | ✘ | ✔ |
+| `EXCLUDE_NAMESPACE_REGEX` | ✔ | ✘ | ✔ | ✘ |
+| `EXCLUDE_PATH` | ✔ | ✔ | ✔ | ✘ |
+| `EXCLUDE_PRIORITY_REGEX` | ✘ | ✘ | ✘ | ✔ |
+| `EXCLUDE_POD_REGEX` | ✔ | ✘ | ✘ | ✘ |
+| `EXCLUDE_UNIT_REGEX` | ✘ | ✘ | ✘ | ✔ |
The `LOG_FORMAT`, `SOURCE_CATEGORY` and `SOURCE_NAME` can be overridden per pod using [annotations](http://kubernetes.io/v1.0/docs/user-guide/annotations.html). For example
diff --git a/conf.d/source.containers.conf b/conf.d/file/source.containers.conf
similarity index 93%
rename from conf.d/source.containers.conf
rename to conf.d/file/source.containers.conf
index de94671..e4e33f3 100644
--- a/conf.d/source.containers.conf
+++ b/conf.d/file/source.containers.conf
@@ -1,5 +1,5 @@
- type tail
+ @type tail
format json
time_key time
path /mnt/log/containers/*.log
@@ -11,7 +11,7 @@
- type kubernetes_metadata
+ @type kubernetes_metadata
annotation_match ["sumologic\.com.*"]
de_dot false
tag_to_kubernetes_name_regexp '.+?\.containers\.(?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?[^_]+)_(?.+)-(?[a-z0-9]{64})\.log$'
@@ -19,7 +19,7 @@
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_name "#{ENV['SOURCE_NAME']}"
log_format "#{ENV['LOG_FORMAT']}"
kubernetes_meta "#{ENV['KUBERNETES_META']}"
@@ -30,4 +30,4 @@
exclude_pod_regex "#{ENV['EXCLUDE_POD_REGEX']}"
exclude_container_regex "#{ENV['EXCLUDE_CONTAINER_REGEX']}"
exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
-
\ No newline at end of file
+
diff --git a/conf.d/source.docker.conf b/conf.d/file/source.docker.conf
similarity index 93%
rename from conf.d/source.docker.conf
rename to conf.d/file/source.docker.conf
index 5bb3fd9..07e159e 100644
--- a/conf.d/source.docker.conf
+++ b/conf.d/file/source.docker.conf
@@ -2,7 +2,7 @@
# time="2016-02-04T06:51:03.053580605Z" level=info msg="GET /containers/json"
# time="2016-02-04T07:53:57.505612354Z" level=error msg="HTTP Error" err="No such image: -f" statusCode=404
- type tail
+ @type tail
format /^time="(?
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category docker
source_name k8s_docker
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
diff --git a/conf.d/source.kubernetes.conf b/conf.d/file/source.kubernetes.conf
similarity index 94%
rename from conf.d/source.kubernetes.conf
rename to conf.d/file/source.kubernetes.conf
index b584ce0..54c84c4 100644
--- a/conf.d/source.kubernetes.conf
+++ b/conf.d/file/source.kubernetes.conf
@@ -1,7 +1,7 @@
# Example:
# 2015-12-21 23:17:22,066 [salt.state ][INFO ] Completed state [net.ipv4.ip_forward] at time 23:17:22.066081
- type tail
+ @type tail
format /^(?
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category salt
source_name k8s_salt
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
@@ -22,7 +22,7 @@
# Example:
# Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script
- type tail
+ @type tail
format syslog
path /mnt/log/startupscript.log
exclude_path "#{ENV['EXCLUDE_PATH']}"
@@ -31,7 +31,7 @@
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category startupscript
source_name k8s_startupscript
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
@@ -46,7 +46,7 @@
# Example:
# I0204 07:32:30.020537 3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
- type tail
+ @type tail
format multiline
multiline_flush_interval 5s
format_firstline /^\w\d{4}/
@@ -59,7 +59,7 @@
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category kubelet
source_name k8s_kubelet
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
@@ -69,7 +69,7 @@
# Example:
# I0204 07:00:19.604280 5 handlers.go:131] GET /api/v1/nodes: (1.624207ms) 200 [[kube-controller-manager/v1.1.3 (linux/amd64) kubernetes/6a81b50] 127.0.0.1:38266]
- type tail
+ @type tail
format multiline
multiline_flush_interval 5s
format_firstline /^\w\d{4}/
@@ -82,7 +82,7 @@
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category kube-apiserver
source_name k8s_kube-apiserver
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
@@ -93,7 +93,7 @@
# Example:
# I0204 06:55:31.872680 5 servicecontroller.go:277] LB already exists and doesn't need update for service kube-system/kube-ui
- type tail
+ @type tail
format multiline
multiline_flush_interval 5s
format_firstline /^\w\d{4}/
@@ -106,7 +106,7 @@
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category kube-controller-manager
source_name k8s_kube-controller-manager
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
@@ -117,7 +117,7 @@
# Example:
# W0204 06:49:18.239674 7 reflector.go:245] pkg/scheduler/factory/factory.go:193: watch of *api.Service ended with: 401: The event in requested index is outdated and cleared (the requested history has been cleared [2578313/2577886]) [2579312]
- type tail
+ @type tail
format multiline
multiline_flush_interval 5s
format_firstline /^\w\d{4}/
@@ -130,7 +130,7 @@
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category kube-scheduler
source_name k8s_kube-scheduler
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
@@ -142,7 +142,7 @@
# Example:
# I0603 15:31:05.793605 6 cluster_manager.go:230] Reading config from path /etc/gce.conf
- type tail
+ @type tail
format multiline
multiline_flush_interval 5s
format_firstline /^\w\d{4}/
@@ -155,7 +155,7 @@
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category glbc
source_name k8s_glbc
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
@@ -166,7 +166,7 @@
# Example:
# I0603 15:31:05.793605 6 cluster_manager.go:230] Reading config from path /etc/gce.conf
- type tail
+ @type tail
format multiline
multiline_flush_interval 5s
format_firstline /^\w\d{4}/
@@ -180,7 +180,7 @@
- type kubernetes_sumologic
+ @type kubernetes_sumologic
source_category cluster-autoscaler
source_name k8s_cluster-autoscaler
source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
diff --git a/conf.d/out.sumo.conf b/conf.d/out.sumo.conf
index 573524b..f75f081 100644
--- a/conf.d/out.sumo.conf
+++ b/conf.d/out.sumo.conf
@@ -1,9 +1,9 @@
- type sumologic
+ @type sumologic
log_key log
endpoint "#{ENV['COLLECTOR_URL']}"
verify_ssl "#{ENV['VERIFY_SSL']}"
log_format "#{ENV['LOG_FORMAT']}"
flush_interval "#{ENV['FLUSH_INTERVAL']}"
num_threads "#{ENV['NUM_THREADS']}"
-
\ No newline at end of file
+
diff --git a/conf.d/systemd/source.containers.conf b/conf.d/systemd/source.containers.conf
new file mode 100644
index 0000000..c3cf54d
--- /dev/null
+++ b/conf.d/systemd/source.containers.conf
@@ -0,0 +1,33 @@
+
+ @type tail
+ format json
+ time_key time
+ path /mnt/log/containers/*.log
+ exclude_path "#{ENV['EXCLUDE_PATH']}"
+ pos_file /mnt/pos/ggcp-containers.log.pos
+ time_format %Y-%m-%dT%H:%M:%S.%NZ
+ tag containers.*
+ read_from_head true
+
+
+
+ @type kubernetes_metadata
+ annotation_match ["sumologic\.com.*"]
+ de_dot false
+ tag_to_kubernetes_name_regexp '.+?\.containers\.(?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?[^_]+)_(?.+)-(?[a-z0-9]{64})\.log$'
+ merge_json_log false
+
+
+
+ @type kubernetes_sumologic
+ source_name "#{ENV['SOURCE_NAME']}"
+ log_format "#{ENV['LOG_FORMAT']}"
+ kubernetes_meta "#{ENV['KUBERNETES_META']}"
+ source_category "#{ENV['SOURCE_CATEGORY']}"
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ source_category_replace_dash "#{ENV['SOURCE_CATEGORY_REPLACE_DASH']}"
+ exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
+ exclude_pod_regex "#{ENV['EXCLUDE_POD_REGEX']}"
+ exclude_container_regex "#{ENV['EXCLUDE_CONTAINER_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+
diff --git a/conf.d/systemd/source.systemd.conf b/conf.d/systemd/source.systemd.conf
new file mode 100644
index 0000000..c1e464f
--- /dev/null
+++ b/conf.d/systemd/source.systemd.conf
@@ -0,0 +1,902 @@
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "addon-config.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/addon-config.log.pos
+
+ tag addon-config
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name addon-config
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "addon-run.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/addon-run.log.pos
+
+ tag addon-run
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name addon-run
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "cfn-etcd-environment.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/cfn-etcd-environment.log.pos
+
+ tag cfn-etcd-environment
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name cfn-etcd-environment
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "cfn-signal.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/cfn-signal.log.pos
+
+ tag cfn-signal
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name cfn-signal
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "clean-ca-certificates.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/clean-ca-certificates.log.pos
+
+ tag clean-ca-certificates
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name clean-ca-certificates
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "containerd.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/containerd.log.pos
+
+ tag containerd
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name containerd
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "coreos-metadata.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/coreos-metadata.log.pos
+
+ tag coreos-metadata
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name coreos-metadata
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "coreos-setup-environment.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/coreos-setup-environment.log.pos
+
+ tag coreos-setup-environment
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name coreos-setup-environment
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "coreos-tmpfiles.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/coreos-tmpfiles.log.pos
+
+ tag coreos-tmpfiles
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name coreos-tmpfiles
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "dbus.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/dbus.log.pos
+
+ tag dbus
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name dbus
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "docker.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/docker.log.pos
+
+ tag docker
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name docker
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "efs.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/efs.log.pos
+
+ tag efs
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name efs
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "etcd-member.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/etcd-member.log.pos
+
+ tag etcd-member
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name etcd-member
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "etcd.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/etcd.log.pos
+
+ tag etcd
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name etcd
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "etcd2.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/etcd2.log.pos
+
+ tag etcd2
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name etcd2
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "etcd3.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/etcd3.log.pos
+
+ tag etcd3
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name etcd3
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "flanneld.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/flanneld.log.pos
+
+ tag flanneld
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name flanneld
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "kube-node-taint-and-uncordon.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/kube-node-taint-and-uncordon.log.pos
+
+ tag kube-node-taint-and-uncordon
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name kube-node-taint-and-uncordon
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+# Multi-line parsing is required for all the kube logs because very large log
+# statements, such as those that include entire object bodies, get split into
+# multiple lines by glog.
+
+# Example:
+# I0204 07:32:30.020537 3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "kubelet.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/kubelet.log.pos
+
+ tag kubelet
+
+
+
+ @type kubernetes_sumologic
+ source_category kubelet
+ source_name k8s_kubelet
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_namespace_regex "#{ENV['EXCLUDE_NAMESPACE_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "ldconfig.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/ldconfig.log.pos
+
+ tag ldconfig
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name ldconfig
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "locksmithd.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/locksmithd.log.pos
+
+ tag locksmithd
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name locksmithd
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "logrotate.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/logrotate.log.pos
+
+ tag logrotate
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name logrotate
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "lvm2-monitor.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/lvm2-monitor.log.pos
+
+ tag lvm2-monitor
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name lvm2-monitor
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "mdmon.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/mdmon.log.pos
+
+ tag mdmon
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name mdmon
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "nfs-idmapd.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/nfs-idmapd.log.pos
+
+ tag nfs-idmapd
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name nfs-idmapd
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "nfs-mountd.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/nfs-mountd.log.pos
+
+ tag nfs-mountd
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name nfs-mountd
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "nfs-server.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/nfs-server.log.pos
+
+ tag nfs-server
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name nfs-server
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "nfs-utils.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/nfs-utils.log.pos
+
+ tag nfs-utils
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name nfs-utils
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "oem-cloudinit.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/oem-cloudinit.log.pos
+
+ tag oem-cloudinit
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name oem-cloudinit
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "rkt-gc.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/rkt-gc.log.pos
+
+ tag rkt-gc
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name rkt-gc
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "rkt-metadata.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/rkt-metadata.log.pos
+
+ tag rkt-metadata
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name rkt-metadata
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "rpc-idmapd.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/rpc-idmapd.log.pos
+
+ tag rpc-idmapd
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name rpc-idmapd
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "rpc-mountd.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/rpc-mountd.log.pos
+
+ tag rpc-mountd
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name rpc-mountd
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "rpc-statd.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/rpc-statd.log.pos
+
+ tag rpc-statd
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name rpc-statd
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "rpcbind.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/rpcbind.log.pos
+
+ tag rpcbind
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name rpcbind
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "set-aws-environment.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/set-aws-environment.log.pos
+
+ tag set-aws-environment
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name set-aws-environment
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "system-cloudinit.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/system-cloudinit.log.pos
+
+ tag system-cloudinit
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name system-cloudinit
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "update-ca-certificates.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/update-ca-certificates.log.pos
+
+ tag update-ca-certificates
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name update-ca-certificates
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
+
+ @type systemd
+ path /mnt/log/journal
+ filters [{"_SYSTEMD_UNIT": "user-cloudinit.service"}]
+
+ @type local
+ persistent true
+ path /mnt/pos/user-cloudinit.log.pos
+
+ tag user-cloudinit
+
+
+
+ @type kubernetes_sumologic
+ source_category system
+ source_name user-cloudinit
+ source_category_prefix "#{ENV['SOURCE_CATEGORY_PREFIX']}"
+ exclude_facliity_regex "#{ENV['EXCLUDE_FACILITY_REGEX']}"
+ exclude_host_regex "#{ENV['EXCLUDE_HOST_REGEX']}"
+ exclude_priority_regex "#{ENV['EXCLUDE_PRIORITY_REGEX']}"
+ exclude_unit_regex "#{ENV['EXCLUDE_UNIT_REGEX']}"
+
+
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..7959113
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+if [ $# -gt 0 ] && [ "${1:0:1}" != "-" ]; then
+ exec $@
+else
+ cd `dirname $0`
+
+ if [ $FLUENTD_SOURCE != file ] && [ $FLUENTD_SOURCE != systemd ]; then
+ echo "Unknown source '$FLUENTD_SOURCE'"
+ if [ -e /dev/termination-log ]; then
+ echo "Unknown source '$FLUENTD_SOURCE'" >/dev/termination-log
+ fi
+ exit 1
+ fi
+
+ exec fluentd -c /fluentd/etc/fluent.$FLUENTD_SOURCE.conf -p /fluentd/plugins $FLUENTD_OPT
+fi
diff --git a/etc/fluent.conf b/etc/fluent.conf
deleted file mode 100644
index c0bd219..0000000
--- a/etc/fluent.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-
- type null
-
-
-@include /fluentd/conf.d/source.*.conf
-@include /fluentd/conf.d/out.sumo.conf
\ No newline at end of file
diff --git a/etc/fluent.file.conf b/etc/fluent.file.conf
new file mode 100644
index 0000000..b4762b4
--- /dev/null
+++ b/etc/fluent.file.conf
@@ -0,0 +1,7 @@
+
+ @type null
+
+
+@include /fluentd/conf.d/file/source.*.conf
+@include /fluentd/conf.d/user/*.conf
+@include /fluentd/conf.d/out.sumo.conf
diff --git a/etc/fluent.systemd.conf b/etc/fluent.systemd.conf
new file mode 100644
index 0000000..b6b3e0d
--- /dev/null
+++ b/etc/fluent.systemd.conf
@@ -0,0 +1,7 @@
+
+ @type null
+
+
+@include /fluentd/conf.d/systemd/source.*.conf
+@include /fluentd/conf.d/user/*.conf
+@include /fluentd/conf.d/out.sumo.conf
diff --git a/plugins/filter_kubernetes_sumologic.rb b/plugins/filter_kubernetes_sumologic.rb
index fb10e32..0ebc9ce 100644
--- a/plugins/filter_kubernetes_sumologic.rb
+++ b/plugins/filter_kubernetes_sumologic.rb
@@ -12,10 +12,14 @@ class SumoContainerOutput < Filter
config_param :source_name, :string, :default => '%{namespace}.%{pod}.%{container}'
config_param :log_format, :string, :default => 'json'
config_param :source_host, :string, :default => nil
- config_param :exclude_namespace_regex, :string, :default => nil
- config_param :exclude_pod_regex, :string, :default => nil
+
config_param :exclude_container_regex, :string, :default => nil
+ config_param :exclude_facility_regex, :string, :default => nil
config_param :exclude_host_regex, :string, :default => nil
+ config_param :exclude_namespace_regex, :string, :default => nil
+ config_param :exclude_pod_regex, :string, :default => nil
+ config_param :exclude_priority_regex, :string, :default => nil
+ config_param :exclude_unit_regex, :string, :default => nil
def configure(conf)
super
@@ -41,6 +45,33 @@ def filter(tag, time, record)
end
end
+ if record.key?('_SYSTEMD_UNIT') and not record.fetch('_SYSTEMD_UNIT').nil?
+ unless @exclude_unit_regex.empty?
+ if Regexp.compile(@exclude_unit_regex).match(record['_SYSTEMD_UNIT'])
+ return nil
+ end
+ end
+
+ unless @exclude_facility_regex.empty?
+ if Regexp.compile(@exclude_facliity_regex).match(record['SYSLOG_FACILITY'])
+ return nil
+ end
+ end
+
+ unless @exclude_priority_regex.empty?
+ if Regexp.compile(@exclude_priority_regex).match(record['PRIORITY'])
+ return nil
+ end
+ end
+
+ unless @exclude_host_regex.empty?
+ if Regexp.compile(@exclude_hostregex).match(record['_HOSTNAME'])
+ return nil
+ end
+ end
+
+ end
+
# Allow fields to be overridden by annotations
if record.key?('kubernetes') and not record.fetch('kubernetes').nil?
# Clone kubernetes hash so we don't override the cache
@@ -120,4 +151,4 @@ def filter(tag, time, record)
record
end
end
-end
\ No newline at end of file
+end