Socket
Collect logs using the socket client
status: stable
role: aggregator
role: sidecar
delivery: best effort
egress: stream
state: stateless
output: log
Configuration
Example configurations
{
"sources": {
"my_source_id": {
"type": "socket",
"address": "0.0.0.0:9000",
"max_length": 102400,
"mode": "tcp",
"path": "/path/to/socket"
}
}
}[sources.my_source_id]
type = "socket"
address = "0.0.0.0:9000"
max_length = 102_400
mode = "tcp"
path = "/path/to/socket"
---
sources:
my_source_id:
type: socket
address: 0.0.0.0:9000
max_length: 102400
mode: tcp
path: /path/to/socket
{
"sources": {
"my_source_id": {
"type": "socket",
"address": "0.0.0.0:9000",
"host_key": "host",
"max_length": 102400,
"mode": "tcp",
"path": "/path/to/socket",
"shutdown_timeout_secs": 30
}
}
}[sources.my_source_id]
type = "socket"
address = "0.0.0.0:9000"
host_key = "host"
max_length = 102_400
mode = "tcp"
path = "/path/to/socket"
shutdown_timeout_secs = 30
---
sources:
my_source_id:
type: socket
address: 0.0.0.0:9000
host_key: host
max_length: 102400
mode: tcp
path: /path/to/socket
keepalive: null
tls: null
shutdown_timeout_secs: 30
address
required string literalThe address to listen for connections on, or
systemd#N to use the Nth socket passed by systemd socket activation. If an address is used it must include a port.Relevant when:
mode = `tcp` or `udp`host_key
optional string literalThe key name added to each event representing the current host. This can also be globally set via the
global
host_key option.default:
hostkeepalive
optional objectConfigures the TCP keepalive behavior for the connection to the source.
keepalive.time_secs
optional uintThe time a connection needs to be idle before sending TCP keepalive probes.
max_length
common optional uintThe maximum bytes size of incoming messages before they are discarded.
default:
102400 (bytes)mode
required string literal enumThe type of socket to use.
Enum options
string
literal
| Option | Description |
|---|---|
tcp | TCP socket. |
udp | UDP socket. |
unix_datagram | Unix domain datagram socket. |
unix_stream | Unix domain stream socket. |
path
required string literalThe unix socket path. This should be an absolute path.
Relevant when:
mode = `unix`shutdown_timeout_secs
optional uintThe timeout before a connection is forcefully closed during shutdown.
default:
30 (seconds)Relevant when:
mode = `tcp`tls
optional objectConfigures the TLS options for incoming connections.
tls.ca_file
optional string literalAbsolute path to an additional CA certificate file, in DER or PEM format (X.509), or an in-line CA certificate in PEM format.
tls.crt_file
optional string literalAbsolute path to a certificate file used to identify this server, in DER or PEM format (X.509) or PKCS#12, or an in-line certificate in PEM format. If this is set, and is not a PKCS#12 archive,
key_file must also be set. This is required if enabled is set to true.tls.enabled
optional boolRequire TLS for incoming connections. If this is set, an identity certificate is also required.
default:
falsetls.key_file
optional string literalAbsolute path to a private key file used to identify this server, in DER or PEM format (PKCS#8), or an in-line private key in PEM format.
tls.key_pass
optional string literalPass phrase used to unlock the encrypted key file. This has no effect unless
key_file is set.tls.verify_certificate
optional boolIf
true, Vector will require a TLS certificate from the connecting host and terminate the connection if the certificate is not valid. If false (the default), Vector will not request a certificate from the client.default:
falseOutput
Logs
Line
A single socket event.
host
required
string
literal
The local hostname, equivalent to the
gethostname command.Examples
my-host.localmessage
required
string
literal
The raw line, unparsed.
Examples
2019-02-13T19:48:34+00:00 [info] Started GET "/" for 127.0.0.1timestamp
required
timestamp
The exact time the event was ingested into Vector.
Examples
2020-10-10T17:07:36.452332ZTelemetry
Metrics
linkconnection_errors_total
counterThe total number of connection errors for this Vector instance.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
connection_established_total
counterThe total number of times a connection has been established.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
connection_failed_total
counterThe total number of times a connection has failed.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
connection_send_ack_errors_total
counterThe total number of protocol acknowledgement errors for this Vector instance for source protocols that support acknowledgements.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
connection_send_errors_total
counterThe total number of errors sending data via the connection.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
connection_shutdown_total
counterThe total number of times the connection has been shut down.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
events_in_total
counterThe number of events accepted by this component either from tagged
origin like file and uri, or cumulatively from other origins.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id instead. The value is the same as component_id.component_type
required
The Vector component type.
container_name
optional
The name of the container from which the event originates.
file
optional
The file from which the event originates.
host
required
The hostname of the system Vector is running on.
mode
optional
The connection mode used by the component.
peer_addr
optional
The IP from which the event originates.
peer_path
optional
The pathname from which the event originates.
pid
required
The process ID of the Vector instance.
pod_name
optional
The name of the pod from which the event originates.
uri
optional
The sanitized URI from which the event originates.
events_out_total
counterThe total number of events emitted by this component.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id instead. The value is the same as component_id.component_type
required
The Vector component type.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
utilization
gaugeA ratio from 0 to 1 of the load on a component. A value of 0 would indicate a completely idle component that is simply waiting for input. A value of 1 would indicate a that is never idle. This value is updated every 5 seconds.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id instead. The value is the same as component_id.component_type
required
The Vector component type.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
Examples
Socket line
Given this event...2019-02-13T19:48:34+00:00 [info] Started GET "/" for 127.0.0.1[sources.my_source_id]
type = "socket"
---
sources:
my_source_id:
type: socket
{
"sources": {
"my_source_id": {
"type": "socket"
}
}
}{
"log": {
"host": "my-host.local",
"message": "2019-02-13T19:48:34+00:00 [info] Started GET \"/\" for 127.0.0.1",
"timestamp": "2020-10-10T17:07:36.452332Z"
}
}How it works
Transport Layer Security (TLS)
Vector uses OpenSSL for TLS protocols. You can
adjust TLS behavior via the
tls.* options.