Papertrail Log Ingestion

Input plugin to read log events from the Papertrail API. Messages read by this input plugin and transformed into the original syslog message such that they can be fed through a syslog decoder.

For more information on the API see https://help.papertrailapp.com/kb/how-it-works/search-api/.

1. Sample Configuration

filename = "papertrail.lua"

ticker_interval = 60 -- required, polling interval

_key = "APIkey" -- required, papertrail API key

-- endpoint = "https://paper.trail.api" -- optional, override standard papertrail URL endpoint
-- limit = 1000 -- optional, max messages per interval, defaults to 1000
-- query = "ssh OR codesign" -- optional, filter incoming messages using papertrail query syntax

decoder_module = "decoders.syslog"

decoders_syslog = {
    template = "<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"
    ...
}

source code: papertrail.lua

results matching ""

No results matching ""