git001 · August 6, 2020 11:56
diff --git a/fluent-bit.conf b/fluent-bit.conf
 [SERVICE]
    Flush        5
    Daemon       Off
    Log_Level    trace
    Parsers_File parsers.conf
    Plugins_File plugins.conf
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020

 [INPUT]
    Name syslog
    Tag ocp.router
    Mode udp
    Port 5140
    Parser syslog-rfc3164

 [OUTPUT]
    Name  stdout
    Match *
diff --git a/parsers.conf b/parsers.conf
 [PARSER]
    Name        syslog-rfc3164
    Format      regex
    Regex       /^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<process>[^ ]*): *(?<message>.*)$/
    Time_Key    time
    Time_Format %b %d %H:%M:%S
    Time_Format %Y-%m-%dT%H:%M:%S.%L
    Time_Keep   On

 # HAProxy parser set

 [PARSER]
    Name haproxy_default_tcp
    Format regex
    Regex ^(?<host>[^ ]*) \[(?<time>[^\]]*)\] (?<frontend>[^ ]*) (?<backend>[^\/]+)\/(?<server>[^ ]*) (?<timewait>-?\d+)\/(?<timetcpcon>-?\d+)\/(?<timetotal>-?\d+) (?<bytesreadstoc>\d+) (?<terminationstateter>[-a-zA-Z])(?<terminationstateclo>[-a-zA-Z]) (?<actconnproc>\d+)\/(?<feconnsess>\d+)\/(?<beconnsess>\d+)\/(?<srvconn>\d+)\/(?<retries>\d+) (?<srvqueue>\d+)\/(?<backendqueue>\d+)$
    # 06/Aug/2020:01:36:31.454
    Time_Format %d/%b/%Y:%H:%M:%S.%L
    Time_Keep Off
    Time_Key time

 [PARSER]
    Name haproxy_default_http
    Format regex
    Regex ^(?<host>[^:]*):(?<port>\d+) \[(?<time>[^\]]*)\] (?<frontend>[^ ]*) (?<backend>[^\/]+)\/(?<server>[^ ]*) (?<timeclientreq>-?\d+)\/(?<timewait>-?\d+)\/(?<timetcpcon>-?\d+)\/(?<timetotalsessdur>-?\d+)\/(?<timetotalactive>-?\d+) (?<httpstatuscode>\d+) (?<bytesreadstoc>\d+) - - (?<terminationstateter>[-a-zA-Z])(?<terminationstateclo>[-a-zA-Z])(?<terminationstatecookieclient>[-a-zA-Z])(?<terminationstatecookieserver>[-a-zA-Z]) (?<actconnproc>\d+)\/(?<feconnsess>\d+)\/(?<beconnsess>\d+)\/(?<srvconn>\d+)\/(?<retries>\d+) (?<srvqueue>\d+)\/(?<backendqueue>\d+) "(?<method>\w+)(?: +(?<path>[^\?]*?)\?(?<query>[^ ]*?))(?: +(?<httpver>[^\"]*))"$
    # 06/Aug/2020:01:36:31.454
    Time_Format %d/%b/%Y:%H:%M:%S.%L
    Time_Keep Off
    Time_Key time
	[SERVICE]
	Flush 5
	Daemon Off
	Log_Level trace
	Parsers_File parsers.conf
	Plugins_File plugins.conf
	HTTP_Server On
	HTTP_Listen 0.0.0.0
	HTTP_Port 2020

	[INPUT]
	Name syslog
	Tag ocp.router
	Mode udp
	Port 5140
	Parser syslog-rfc3164

	[OUTPUT]
	Name stdout
	Match *
	[PARSER]
	Name syslog-rfc3164
	Format regex
	Regex /^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]) (?<process>[^ ]): (?<message>.)$/
	Time_Key time
	Time_Format %b %d %H:%M:%S
	Time_Format %Y-%m-%dT%H:%M:%S.%L
	Time_Keep On

	# HAProxy parser set

	[PARSER]
	Name haproxy_default_tcp
	Format regex
	Regex ^(?<host>[^ ]) \[(?<time>[^\]])\] (?<frontend>[^ ]) (?<backend>[^\/]+)\/(?<server>[^ ]) (?<timewait>-?\d+)\/(?<timetcpcon>-?\d+)\/(?<timetotal>-?\d+) (?<bytesreadstoc>\d+) (?<terminationstateter>[-a-zA-Z])(?<terminationstateclo>[-a-zA-Z]) (?<actconnproc>\d+)\/(?<feconnsess>\d+)\/(?<beconnsess>\d+)\/(?<srvconn>\d+)\/(?<retries>\d+) (?<srvqueue>\d+)\/(?<backendqueue>\d+)$
	# 06/Aug/2020:01:36:31.454
	Time_Format %d/%b/%Y:%H:%M:%S.%L
	Time_Keep Off
	Time_Key time

	[PARSER]
	Name haproxy_default_http
	Format regex
	Regex ^(?<host>[^:]):(?<port>\d+) \[(?<time>[^\]])\] (?<frontend>[^ ]) (?<backend>[^\/]+)\/(?<server>[^ ]) (?<timeclientreq>-?\d+)\/(?<timewait>-?\d+)\/(?<timetcpcon>-?\d+)\/(?<timetotalsessdur>-?\d+)\/(?<timetotalactive>-?\d+) (?<httpstatuscode>\d+) (?<bytesreadstoc>\d+) - - (?<terminationstateter>[-a-zA-Z])(?<terminationstateclo>[-a-zA-Z])(?<terminationstatecookieclient>[-a-zA-Z])(?<terminationstatecookieserver>[-a-zA-Z]) (?<actconnproc>\d+)\/(?<feconnsess>\d+)\/(?<beconnsess>\d+)\/(?<srvconn>\d+)\/(?<retries>\d+) (?<srvqueue>\d+)\/(?<backendqueue>\d+) "(?<method>\w+)(?: +(?<path>[^\?]?)\?(?<query>[^ ]?))(?: +(?<httpver>[^\"]*))"$
	# 06/Aug/2020:01:36:31.454
	Time_Format %d/%b/%Y:%H:%M:%S.%L
	Time_Keep Off
	Time_Key time