Socket
Collect logs using the socket client
status: stable
role: aggregator
role: sidecar
delivery: best effort
acknowledgements: no
egress: stream
state: stateless
output: log
Configuration
Example configurations
{
"sources": {
"my_source_id": {
"type": "socket",
"address": "0.0.0.0:9000",
"port_key": null,
"max_length": 102400,
"mode": "tcp",
"path": "/path/to/socket"
}
}
}
[sources.my_source_id]
type = "socket"
address = "0.0.0.0:9000"
max_length = 102_400
mode = "tcp"
path = "/path/to/socket"
---
sources:
my_source_id:
type: socket
address: 0.0.0.0:9000
port_key: null
max_length: 102400
mode: tcp
path: /path/to/socket
{
"sources": {
"my_source_id": {
"type": "socket",
"address": "0.0.0.0:9000",
"host_key": "host",
"port_key": null,
"max_length": 102400,
"mode": "tcp",
"path": "/path/to/socket",
"socket_file_mode": 511,
"shutdown_timeout_secs": 30,
"framing": null,
"receive_buffer_bytes": 65536,
"keepalive": null,
"tls": null,
"connection_limit": null,
"decoding": null
}
}
}
[sources.my_source_id]
type = "socket"
address = "0.0.0.0:9000"
host_key = "host"
max_length = 102_400
mode = "tcp"
path = "/path/to/socket"
socket_file_mode = 511
shutdown_timeout_secs = 30
receive_buffer_bytes = 65_536
---
sources:
my_source_id:
type: socket
address: 0.0.0.0:9000
host_key: host
port_key: null
max_length: 102400
mode: tcp
path: /path/to/socket
socket_file_mode: 511
shutdown_timeout_secs: 30
framing: null
receive_buffer_bytes: 65536
keepalive: null
tls: null
connection_limit: null
decoding: null
address
required string literalThe address to listen for connections on, or
systemd#N
to use the Nth socket passed by systemd socket activation. If an address is used it must include a port.Relevant when:
mode = `tcp` or `udp`
connection_limit
optional uintThe max number of TCP connections that will be processed.
Relevant when:
mode = `tcp`
decoding
optional objectConfigures in which way frames are decoded into events.
decoding.codec
optional string literal enumThe decoding method.
Enum options
Option | Description |
---|---|
bytes | Events containing the byte frame as-is. |
json | Events being parsed from a JSON string. |
native | Events being parsed from Vector’s native protobuf format (EXPERIMENTAL). |
native_json | Events being parsed from Vector’s native JSON format (EXPERIMENTAL). |
syslog | Events being parsed from a Syslog message. |
default:
bytes
framing
optional objectConfigures in which way incoming byte sequences are split up into byte frames.
framing.character_delimited
optional objectOptions for
character_delimited
framing.Relevant when:
method = `character_delimited`
framing.character_delimited.delimiter
optional ascii_charThe character used to separate frames.
framing.character_delimited.max_length
optional uintThe maximum frame length limit. Any frames longer than
max_length
bytes will be discarded entirely.framing.method
optional string literal enumThe framing method.
Enum options
Option | Description |
---|---|
bytes | Byte frames are passed through as-is according to the underlying I/O boundaries (e.g. split between messages or stream segments). |
character_delimited | Byte frames which are delimited by a chosen character. |
length_delimited | Byte frames whose length is encoded in a header. |
newline_delimited | Byte frames which are delimited by a newline character. |
octet_counting | Byte frames according to the octet counting format. |
default:
`newline_delimited` for TCP and Unix stream modes when using codecs other than `native` (which defaults to `length_delimited`), `bytes` for UDP and Unix datagram modes
framing.newline_delimited
optional objectOptions for
newline_delimited
framing.Relevant when:
method = `newline_delimited`
framing.newline_delimited.max_length
optional uintThe maximum frame length limit. Any frames longer than
max_length
bytes will be discarded entirely.framing.octet_counting
optional objectOptions for
octet_counting
framing.Relevant when:
method = `octet_counting`
framing.octet_counting.max_length
optional uintThe maximum frame length limit. Any frames longer than
max_length
bytes will be discarded entirely.host_key
optional string literalThe key name added to each event representing the peer host. This can also be globally set via the
global
host_key
option.default:
host
keepalive
optional objectConfigures the TCP keepalive behavior for the connection to the source.
keepalive.time_secs
optional uintThe time a connection needs to be idle before sending TCP keepalive probes.
max_length
common optional uintThe maximum buffer size of incoming messages. Messages larger than this are truncated.
default:
102400
(bytes)mode
required string literal enumThe type of socket to use.
Enum options
string
literal
Option | Description |
---|---|
tcp | TCP socket. |
udp | UDP socket. |
unix_datagram | Unix domain datagram socket. |
unix_stream | Unix domain stream socket. |
path
required string literalThe unix socket path. This should be an absolute path.
Relevant when:
mode = `unix_datagram` or `unix_stream`
port_key
common optional string literalThe key name added to each event representing the peer source port. If empty, this context is not added.
receive_buffer_bytes
optional uintConfigures the receive buffer size using the
SO_RCVBUF
option on the socket.Relevant when:
mode = `tcp` or mode = `udp`
shutdown_timeout_secs
optional uintThe timeout before a connection is forcefully closed during shutdown.
default:
30
(seconds)Relevant when:
mode = `tcp`
socket_file_mode
optional uintUnix file mode bits to be applied to the unix socket file
as its designated file permissions.
Note that the file mode value can be specified in any numeric format
supported by your configuration language, but it is most intuitive to use an octal number.
Relevant when:
mode = `unix_datagram` or `unix_stream`
tls
optional objectConfigures the TLS options for incoming connections.
tls.ca_file
optional string literalAbsolute path to an additional CA certificate file, in DER or PEM format (X.509), or an in-line CA certificate in PEM format.
tls.crt_file
optional string literalAbsolute path to a certificate file used to identify this server, in DER or PEM format (X.509) or PKCS#12, or an in-line certificate in PEM format. If this is set, and is not a PKCS#12 archive,
key_file
must also be set. This is required if enabled
is set to true
.tls.enabled
optional boolRequire TLS for incoming connections. If this is set, an identity certificate is also required.
default:
false
tls.key_file
optional string literalAbsolute path to a private key file used to identify this server, in DER or PEM format (PKCS#8), or an in-line private key in PEM format.
tls.key_pass
optional string literalPass phrase used to unlock the encrypted key file. This has no effect unless
key_file
is set.tls.verify_certificate
optional boolIf
true
, Vector will require a TLS certificate from the connecting host and terminate the connection if the certificate is not valid. If false
(the default), Vector will not request a certificate from the client.default:
false
Outputs
<component_id>
Default output stream of the component. Use this component’s ID as an input to downstream transforms and sinks.
Output Data
Logs
Line
A single socket event.
host
required
string
literal
The peer host IP address.
Examples
129.21.31.122
message
required
string
literal
The raw line, unparsed.
Examples
2019-02-13T19:48:34+00:00 [info] Started GET "/" for 127.0.0.1
port
optional
uint
The peer source port.
Examples
2838
timestamp
required
timestamp
The exact time the event was ingested into Vector.
Examples
2020-10-10T17:07:36.452332Z
Telemetry
Metrics
linkcomponent_discarded_events_total
counterThe number of events dropped by this component.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
host
optional
The hostname of the system Vector is running on.
pid
optional
The process ID of the Vector instance.
component_errors_total
counterThe total number of errors encountered by this component.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
error_type
required
The type of the error
host
optional
The hostname of the system Vector is running on.
pid
optional
The process ID of the Vector instance.
stage
required
The stage within the component at which the error occurred.
component_received_bytes_total
counterThe number of raw bytes accepted by this component from source origins.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
container_name
optional
The name of the container from which the data originated.
file
optional
The file from which the data originated.
host
optional
The hostname of the system Vector is running on.
mode
optional
The connection mode used by the component.
peer_addr
optional
The IP from which the data originated.
peer_path
optional
The pathname from which the data originated.
pid
optional
The process ID of the Vector instance.
pod_name
optional
The name of the pod from which the data originated.
uri
optional
The sanitized URI from which the data originated.
component_received_event_bytes_total
counterThe number of event bytes accepted by this component either from
tagged origins like file and uri, or cumulatively from other origins.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
container_name
optional
The name of the container from which the data originated.
file
optional
The file from which the data originated.
host
optional
The hostname of the system Vector is running on.
mode
optional
The connection mode used by the component.
peer_addr
optional
The IP from which the data originated.
peer_path
optional
The pathname from which the data originated.
pid
optional
The process ID of the Vector instance.
pod_name
optional
The name of the pod from which the data originated.
uri
optional
The sanitized URI from which the data originated.
component_received_events_total
counterThe number of events accepted by this component either from tagged
origins like file and uri, or cumulatively from other origins.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
container_name
optional
The name of the container from which the data originated.
file
optional
The file from which the data originated.
host
optional
The hostname of the system Vector is running on.
mode
optional
The connection mode used by the component.
peer_addr
optional
The IP from which the data originated.
peer_path
optional
The pathname from which the data originated.
pid
optional
The process ID of the Vector instance.
pod_name
optional
The name of the pod from which the data originated.
uri
optional
The sanitized URI from which the data originated.
component_sent_event_bytes_total
counterThe total number of event bytes emitted by this component.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
host
optional
The hostname of the system Vector is running on.
output
optional
The specific output of the component.
pid
optional
The process ID of the Vector instance.
component_sent_events_total
counterThe total number of events emitted by this component.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
host
optional
The hostname of the system Vector is running on.
output
optional
The specific output of the component.
pid
optional
The process ID of the Vector instance.
connection_errors_total
counterThe total number of connection errors for this Vector instance.
host
optional
The hostname of the system Vector is running on.
pid
optional
The process ID of the Vector instance.
connection_established_total
counterThe total number of times a connection has been established.
host
optional
The hostname of the system Vector is running on.
pid
optional
The process ID of the Vector instance.
connection_failed_total
counterThe total number of times a connection has failed.
host
optional
The hostname of the system Vector is running on.
pid
optional
The process ID of the Vector instance.
connection_send_ack_errors_total
counterThe total number of protocol acknowledgement errors for this Vector instance for source protocols that support acknowledgements.
host
optional
The hostname of the system Vector is running on.
pid
optional
The process ID of the Vector instance.
connection_send_errors_total
counterThe total number of errors sending data via the connection.
host
optional
The hostname of the system Vector is running on.
pid
optional
The process ID of the Vector instance.
connection_shutdown_total
counterThe total number of times the connection has been shut down.
host
optional
The hostname of the system Vector is running on.
pid
optional
The process ID of the Vector instance.
events_in_total
counterThe number of events accepted by this component either from tagged
origins like file and uri, or cumulatively from other origins.
This metric is deprecated and will be removed in a future version.
Use
component_received_events_total
instead.component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
container_name
optional
The name of the container from which the data originated.
file
optional
The file from which the data originated.
host
optional
The hostname of the system Vector is running on.
mode
optional
The connection mode used by the component.
peer_addr
optional
The IP from which the data originated.
peer_path
optional
The pathname from which the data originated.
pid
optional
The process ID of the Vector instance.
pod_name
optional
The name of the pod from which the data originated.
uri
optional
The sanitized URI from which the data originated.
events_out_total
counterThe total number of events emitted by this component.
This metric is deprecated and will be removed in a future version.
Use
component_sent_events_total
instead.component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id
instead. The value is the same as component_id
.component_type
required
The Vector component type.
host
optional
The hostname of the system Vector is running on.
output
optional
The specific output of the component.
pid
optional
The process ID of the Vector instance.
Examples
Socket line
Given this event...2019-02-13T19:48:34+00:00 [info] Started GET "/" for 127.0.0.1
[sources.my_source_id]
type = "socket"
---
sources:
my_source_id:
type: socket
{
"sources": {
"my_source_id": {
"type": "socket"
}
}
}
{
"host": "my-host.local",
"message": "2019-02-13T19:48:34+00:00 [info] Started GET \"/\" for 127.0.0.1",
"timestamp": "2020-10-10T17:07:36.452332Z"
}
How it works
Transport Layer Security (TLS)
Vector uses OpenSSL for TLS protocols. You can
adjust TLS behavior via the
tls.*
options.