HEX
Server: LiteSpeed
System: Linux kapuas.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: mirz4654 (1666)
PHP: 8.1.33
Disabled: system,exec,escapeshellarg,escapeshellcmd,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,popen,pclose,dl,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setsid,posix_setuid,posix_setpgid,ini_alter,show_source,define_syslog_variables,symlink,syslog,openlog,openlog,closelog,ocinumcols,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dll,ftp,myshellexec,socket_bind,mail,posix_getwpuid
$ pwd: /lib/netdata/conf.d/log2journal.d/
Upload Files
File: //lib/netdata/conf.d/log2journal.d/nginx-json.yaml
# For all nginx variables, check this:
# https://nginx.org/en/docs/http/ngx_http_core_module.html#var_connection_requests

pattern: json

prefix: NGINX_

# When log2journal can detect the filename of each log entry (tail gives it
# only when it tails multiple files), this key will be used to send the
# filename to the journals.
filename:
  key: NGINX_LOG_FILENAME

filter:
  exclude: '^(NGINX_BINARY_REMOTE_ADDR)$'

rename:
  - new_key: MESSAGE
    old_key: NGINX_REQUEST

  # args is an alias for query_string
  - new_key: NGINX_QUERY_STRING
    old_key: NGINX_ARGS

  # document_uri is an alias for uri
  - new_key: NGINX_URI
    old_key: NGINX_DOCUMENT_URI

  # is_args states if the request had a query string or not
  - new_key: NGINX_HAS_QUERY_STRING
    old_key: NGINX_IS_ARGS

  # msec is the timestamp in seconds, with fractional digits for milliseconds
  - new_key: NGINX_TIMESTAMP_SEC
    old_key: NGINX_MSEC

  # nginx_version is already prefixed with nginx, let's remove one of them
  - new_key: NGINX_VERSION
    old_key: NGINX_NGINX_VERSION

  # pipe states if the request was pipelined or not
  - new_key: NGINX_PIPELINED
    old_key: NGINX_PIPE

  # rename numeric TLVs to their names
  - new_key: NGINX_PROXY_PROTOCOL_TLV_ALPN
    old_key: NGINX_PROXY_PROTOCOL_TLV_0X01
  - new_key: NGINX_PROXY_PROTOCOL_TLV_AUTHORITY
    old_key: NGINX_PROXY_PROTOCOL_TLV_0X02
  - new_key: NGINX_PROXY_PROTOCOL_TLV_UNIQUE_ID
    old_key: NGINX_PROXY_PROTOCOL_TLV_0X05
  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL
    old_key: NGINX_PROXY_PROTOCOL_TLV_0X20
  - new_key: NGINX_PROXY_PROTOCOL_TLV_NETNS
    old_key: NGINX_PROXY_PROTOCOL_TLV_0X30

  # rename numeric SSL TLVs to their names
  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_VERSION
    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X21
  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_CN
    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X22
  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_CIPHER
    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X23
  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_SIG_ALG
    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X24
  - new_key: NGINX_PROXY_PROTOCOL_TLV_SSL_KEY_ALG
    old_key: NGINX_PROXY_PROTOCOL_TLV_SSL_0X25

# Inject constant fields into the journal logs.
inject:
  - key: SYSLOG_IDENTIFIER
    value: nginx-log

  # inject PRIORITY is a duplicate of NGINX_STATUS
  - key: PRIORITY
    value: '${NGINX_STATUS}'

  # Inject NGINX_STATUS_FAMILY is a duplicate of NGINX_STATUS
  - key: NGINX_STATUS_FAMILY
    value: '${NGINX_STATUS}'


# Rewrite the value of fields (including the duplicated ones).
# The search pattern can have named groups, and the replace pattern can use
# them as ${name}.
rewrite:
  # a ? means it has query string, everything else means it does not
  - key: NGINX_HAS_QUERY_STRING
    match: '^\?$'
    value: yes
  - key: NGINX_HAS_QUERY_STRING
    match: '.*'
    value: no

  # 'on' means it was HTTPS, everything else means it was not
  - key: NGINX_HTTPS
    match: '^on$'
    value: yes
  - key: NGINX_HTTPS
    match: '.*'
    value: no

  # 'p' means it was pipelined, everything else means it was not
  - key: NGINX_PIPELINED
    match: '^p$'
    value: yes
  - key: NGINX_PIPELINED
    match: '.*'
    value: no

  # zero means client sent a certificate and it was verified, non-zero means otherwise
  - key: NGINX_PROXY_PROTOCOL_TLV_SSL_VERIFY
    match: '^0$'
    value: yes
  - key: NGINX_PROXY_PROTOCOL_TLV_SSL_VERIFY
    match: '.*'
    value: no

  # 'OK' means request completed, everything else means it didn't
  - key: NGINX_REQUEST_COMPLETION
    match: '^OK$'
    value: 'completed'
  - key: NGINX_REQUEST_COMPLETION
    match: '.*'
    value: 'not completed'

  # PRIORTY is a duplicate of NGINX_STATUS
  # Valid PRIORITIES: 0=emerg, 1=alert, 2=crit, 3=error, 4=warn, 5=notice, 6=info, 7=debug
  - key: PRIORITY
    match: '^[123]'
    value: 6

  - key: PRIORITY
    match: '^4'
    value: 5

  - key: PRIORITY
    match: '^5'
    value: 3

  - key: PRIORITY
    match: '.*'
    value: 4

  # NGINX_STATUS_FAMILY is a duplicate of NGINX_STATUS
  - key: NGINX_STATUS_FAMILY
    match: '^(?<first_digit>[1-5])'
    value: '${first_digit}xx'

  - key: NGINX_STATUS_FAMILY
    match: '.*'
    value: 'UNKNOWN'

# Control what to do when input logs do not match the main PCRE2 pattern.
unmatched:
  # The journal key to log the PCRE2 error message to.
  # Set this to MESSAGE, so you to see the error in the log.
  key: MESSAGE

  # Inject static fields to the unmatched entries.
  # Set PRIORITY=1 (alert) to help you spot unmatched entries in the logs.
  inject:
    - key: PRIORITY
      value: 1
@ Telegram