# Maintainer: Joel Carnat
# syslog-ng-3.12.1p4
#
# Parses unbound log lines received on the s_net source and writes them to a
# local InfluxDB ("logs" database) as line-protocol points over HTTP.
# s_net is not defined in this file; it must be declared elsewhere in the
# syslog-ng configuration.

# Base filter: info-level messages whose program name is "unbound", minus
# three excluded message patterns.
# NOTE(review): message() treats its argument as a regular expression by
# default, so the '%' characters are matched literally, not as wildcards, and
# the unescaped '.' matches any character. Confirm these exclusions match what
# unbound actually logs.
# NOTE(review): the program name comes from the received message itself, so on
# a network source it identifies the claimed sender only. Restrict who can
# reach s_net if the data must be trustworthy.
filter f_unbound {
    program("unbound");
    and level(info);
    and not message("%info: service stopped%");
    and not message("%info: start of service%");
    and not message("% static 192.168.0%");
};

# Per-category filters: the base filter plus a tag.
# Presumably the "query", "redirect" and "unmatched" tags are assigned by the
# rules in /etc/syslog-ng/unbound.xml; verify against that file.
filter f_unbound_query {
    filter(f_unbound);
    and tags("query");
};

filter f_unbound_redirect {
    filter(f_unbound);
    and tags("redirect");
};

# Defined here but not referenced by either log path below.
filter f_unbound_unmatched {
    filter(f_unbound);
    and tags("unmatched");
};

# Pattern database parser. The rules file is expected to populate the macros
# used in the destinations below (CLIENTIP, NAME, TYPE, CLASS, ...); it is not
# shown here.
parser p_unbound {
    db_parser(
        file("/etc/syslog-ng/unbound.xml")
    );
};

# InfluxDB destination for resolved queries. Posts one line-protocol point to
# the loopback InfluxDB write endpoint over plain HTTP; no credentials are
# configured. The timestamp is ${UNIXTIME} followed by ${MSEC}, matching the
# precision=ms parameter in the URL. The trailing 'i' marks response_size as
# an integer field.
# NOTE(review): the macros are inserted into the line-protocol body verbatim.
# In line protocol, commas, spaces and '=' inside tag values must be escaped,
# and HOST, CLIENTIP and NAME originate from messages received over the
# network. Confirm that the patterns in unbound.xml restrict these values to a
# safe character set, or escape them in the template. Otherwise a crafted
# value can break the write or add unintended tags or fields.
destination d_influxdb_unbound_query {
    http(
        url("http://127.0.0.1:8086/write?db=logs&precision=ms")
        persist-name("influxdb_unbound_query")
        method("POST")
        user_agent("syslog-ng")
        body("unbound,sysName=${HOST},clientip=${CLIENTIP},name=${NAME},type=${TYPE},class=${CLASS},return_code=${RETURN_CODE},from_cache=${FROM_CACHE} time_to_resolve=${TIME_TO_RESOLVE},response_size=${RESPONSE_SIZE}i ${UNIXTIME}${MSEC}")
    );
};

# InfluxDB destination for redirected queries. Same endpoint and tag set as
# above, minus the result tags. void_field=1i is a constant field, presumably
# present because a line-protocol point needs at least one field.
# NOTE(review): the unescaped-macro caveat on d_influxdb_unbound_query applies
# to this body as well.
destination d_influxdb_unbound_redirect {
    http(
        url("http://127.0.0.1:8086/write?db=logs&precision=ms")
        persist-name("influxdb_unbound_redirect")
        method("POST")
        user_agent("syslog-ng")
        body("unbound_redirect,sysName=${HOST},clientip=${CLIENTIP},name=${NAME},type=${TYPE},class=${CLASS} void_field=1i ${UNIXTIME}${MSEC}")
    );
};

# Log path for queries. Order matters: the base filter runs first, then the
# parser, and only then the tag filter, which depends on the parser's output.
log {
    source(s_net);
    filter(f_unbound);
    parser(p_unbound);
    filter(f_unbound_query);
    destination(d_influxdb_unbound_query);
};

# Log path for redirects, built the same way as the query path.
log {
    source(s_net);
    filter(f_unbound);
    parser(p_unbound);
    filter(f_unbound_redirect);
    destination(d_influxdb_unbound_redirect);
};

#EOF