
os-vector.plugin.bash

vector log management configurations.

group:postnet | runtype:minmon | deps: - | port: -

Usage
os-vector help|install|uninstall|download|disable|configgen|configapply|check|run
$ os-vector install - install Vector log management
$ os-vector uninstall - uninstall Vector
$ os-vector download - download Vector package files to pkg dir
$ os-vector disable - disable Vector plugin
$ os-vector configgen - generate Vector configuration files
$ os-vector configapply - apply Vector configuration files
$ os-vector check - check Vector plugin status
$ os-vector run - run Vector service
$ os-vector help - show this help message
Description

Vector is a high-performance log collection, transformation, and routing system.

Jangbi Configs

/opt/jangbi/.config
RUN_OS_VECTOR=1 # enable vector log management

Check if running

bash command
$ ps aux|grep vector
root      12345  0.0  0.1  12345  1234 ?        S    12:34   0:00 vector --config /etc/vector/vector.toml
$ ls -la /var/log/vector/
-rw-r--r-- 1 vector vector contacted_ips.log

Current Configuration

The current configuration is stored in /etc/vector/. It is generated by the os-vector configgen command on install. You can edit it manually; as long as you do not re-run the install or configapply commands, your edited configuration is kept.

/etc/vector/vector.toml
#                                    __   __  __
#                                    \ \ / / / /
#                                     \ V / / /
#                                      \_/  \/
#
#                                    V E C T O R
#                                   Configuration
#
# ------------------------------------------------------------------------------
# Website: https://vector.dev
# Docs: https://vector.dev/docs
# Chat: https://chat.vector.dev
# https://docs.sysdig.com/en/sysdig-secure/rule-fields-library/
# ------------------------------------------------------------------------------
# 

# Change this to use a non-default directory for Vector data storage:
data_dir = "/var/log/vector"

# Execute sysdig command to capture network connections
[sources.sysdig_network]
type = "exec"
command = ["sysdig", "evt.type in (connect,accept)", "-p", "%evt.datetime.s %user.name %proc.exepath pid=%proc.pid ppid=%proc.ppid %fd.cip:%fd.cport %fd.sip:%fd.sport %fd.lip:%fd.lport %fd.rip:%fd.rport"]
mode = "streaming"

# Backup sink - save individual parsed events immediately (no buffering)
[sinks.backup_file]
type = "file"
inputs = ["sysdig_network"]
path = "/var/log/vector/raw_connections_%Y%m%d_%H.log"
encoding.codec = "text"

# Minimal buffering for backup file
[sinks.backup_file.buffer]
type = "memory"
max_events = 10
when_full = "block"
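The exec source above streams one text line per connect/accept event, laid out by the sysdig `-p` format string, into `raw_connections_*.log`. The following is an added example (not part of the os-vector plugin or of Vector) that builds a parser directly from that format string and runs a small defender-side triage over it: a per-executable list of remote peers and a list of connections whose remote side is outside the site's internal ranges. The sample log lines, the `INTERNAL_NETWORKS` list and the per-field patterns are constructed for illustration; it also assumes sysdig renders `%evt.datetime.s` as `YYYY-MM-DD HH:MM:SS`, which is why the first column contains a space and a plain whitespace split would misalign every field.

```python
"""Parse and triage the sysdig lines that the exec source feeds into Vector.

The -p format string is copied from /etc/vector/vector.toml; everything else
(sample lines, internal-network list, field patterns) is constructed for
illustration and is not part of the os-vector plugin.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Copied verbatim from the "command" array of [sources.sysdig_network].
SYSDIG_FORMAT = (
    "%evt.datetime.s %user.name %proc.exepath pid=%proc.pid ppid=%proc.ppid "
    "%fd.cip:%fd.cport %fd.sip:%fd.sport %fd.lip:%fd.lport %fd.rip:%fd.rport"
)

# Assumption: sysdig renders %evt.datetime.s as "YYYY-MM-DD HH:MM:SS", so the
# first field contains a space and split() on whitespace would misalign columns.
# Addresses may be IPv4 or IPv6 (colons!), and unavailable fields print <NA>.
FIELD_PATTERNS = {
    "evt.datetime.s": r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}",
    "proc.pid": r"\d+",
    "proc.ppid": r"\d+",
    **{f"fd.{p}": r"[0-9a-fA-F.:]+|<NA>" for p in ("cip", "sip", "lip", "rip")},
    **{f"fd.{p}": r"\d+|<NA>" for p in ("cport", "sport", "lport", "rport")},
}
DEFAULT_PATTERN = r"\S+"  # user.name, proc.exepath (a path containing spaces will not match)
FIELD_TOKEN = re.compile(r"%[a-z]+(?:\.[a-z]+)*")


def build_pattern(fmt: str = SYSDIG_FORMAT) -> "re.Pattern[str]":
    """Turn a sysdig -p format string into an anchored regex, one named group per field."""
    parts, pos = [], 0
    for m in FIELD_TOKEN.finditer(fmt):
        parts.append(re.escape(fmt[pos:m.start()]))  # literal text such as " pid=" or ":"
        field = m.group()[1:]                        # strip the leading '%'
        parts.append(f"(?P<{field.replace('.', '_')}>{FIELD_PATTERNS.get(field, DEFAULT_PATTERN)})")
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(parts) + "$")


LINE_RE = build_pattern()


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one raw_connections line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


# Constructed: what the exec source would emit for an outbound curl, an inbound
# nginx accept and an internal ssh hop. Documentation-range addresses only.
SAMPLE_LINES = [
    "2024-03-01 10:15:32 root /usr/bin/curl pid=4312 ppid=1 "
    "10.0.0.5:51234 198.51.100.23:443 10.0.0.5:51234 198.51.100.23:443",
    "2024-03-01 10:15:33 www-data /usr/sbin/nginx pid=881 ppid=1 "
    "203.0.113.7:50210 10.0.0.5:80 10.0.0.5:80 203.0.113.7:50210",
    "2024-03-01 10:15:34 root /usr/bin/ssh pid=4401 ppid=4312 "
    "10.0.0.5:51240 10.0.0.9:22 10.0.0.5:51240 10.0.0.9:22",
]
MALFORMED_LINE = "sysdig: restarted after exit"  # constructed: noise interleaved on stdout

# Assumption: the monitored host's internal ranges; adjust to the site's addressing.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")
]


def is_internal(addr: str) -> bool:
    """True when addr parses as an IP and lies inside one of INTERNAL_NETWORKS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # "<NA>" or garbage
        return False
    return any(ip in net for net in INTERNAL_NETWORKS)


def remote_peers_by_process(lines) -> Dict[str, List[str]]:
    """Map each executable to the sorted, de-duplicated remote IPs it talked to."""
    peers = defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        if rec["fd_rip"] != "<NA>":
            peers[rec["proc_exepath"]].add(rec["fd_rip"])
    return {exe: sorted(ips) for exe, ips in peers.items()}


def external_connections(lines) -> List[Dict[str, str]]:
    """Records (inbound or outbound) whose remote peer is outside INTERNAL_NETWORKS."""
    return [
        rec for rec in filter(None, map(parse_line, lines))
        if rec["fd_rip"] != "<NA>" and not is_internal(rec["fd_rip"])
    ]


if __name__ == "__main__":
    for exe, ips in remote_peers_by_process(SAMPLE_LINES).items():
        print(f"{exe}: {', '.join(ips)}")
    for rec in external_connections(SAMPLE_LINES):
        print(f"external peer {rec['fd_rip']}:{rec['fd_rport']} <- {rec['proc_exepath']} pid={rec['proc_pid']}")
```

Deriving the regex from the same format string that is passed to sysdig keeps the parser and the collector in step: if the `-p` string in vector.toml is changed, only `SYSDIG_FORMAT` needs to follow. Lines that do not match (a sysdig restart message, a truncated line at an hourly file rollover) are dropped rather than misattributed, and `fd.rip` is used as the peer so that both directions are covered by one rule.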