# Azure MDSD configuration: syslog forwarding config for mdsd agent
options {};

#filter
filter f_regex_match {
        match("metadata_smbfiles" value("MESSAGE"))
        or match("metadata_smbmapping" value("MESSAGE"))
        or match("metadata_radius" value("MESSAGE"))
        or match("metadata_smtp" value("MESSAGE"))
        or match("metadata_dhcp" value("MESSAGE"))
        or match("metadata_beacon" value("MESSAGE"))
        or match("metadata_match" value("MESSAGE"))
        or match("metadata_rdp" value("MESSAGE"));
};

#rewrite to Facility: local0 and Secerity: Notice
rewrite r_change_facility_and_severity {
    set-pri("133");
};

# during install time, we detect if s_src exist, if it does then we
# replace it by appropriate source name like in redhat 's_sys'
# Forwrding using tcp
destination d_azure_mdsd {
        network("127.0.0.1"
        port(28330)
        log-fifo-size(25000));

};

log {
        source(s_src); # will be automatically parsed from /etc/syslog-ng/syslog-ng.conf
        filter(f_regex_match);
        rewrite(r_change_facility_and_severity);
        destination(d_azure_mdsd);
        flags(flow-control, final);
};

log {
        source(s_src); # will be automatically parsed from /etc/syslog-ng/syslog-ng.conf
        destination(d_azure_mdsd);
        flags(flow-control);
};