After the first article, we have a Vector instance that listens for syslog messages on UDP port 514. That article paired Vector with OpenSearch, but in small environments OpenSearch is overkill.

Now we need to send these messages to VictoriaLogs.

To start, we create a configuration file for Vector.

sources:
  source_syslog_udp:
    type: socket
    mode: udp
    address: '0.0.0.0:514'

transforms:
  t_parse_syslog:
    type: "remap"
    inputs: [source_syslog_udp]
    source: |
      parsed, err = parse_syslog(.message)
      if err == null {
        . |= parsed
      }

sinks:
  victorialogs:
    type: http
    inputs: [t_parse_syslog]
    uri: http://localhost:9428/insert/jsonline
    encoding:
      codec: json
    framing:
      method: newline_delimited
    compression: gzip
    healthcheck:
      enabled: false
    request:
      headers:
        VL-Stream-Fields: host
        VL-Time-Field: timestamp
        VL-Msg-Field: message,log
        AccountID: "0"
        ProjectID: "0"

Let’s create Docker containers for Vector and VictoriaLogs.

services:
  vector:
    image: docker.io/timberio/vector:0.42.X-distroless-libc
    container_name: vector
    network_mode: "host"
    volumes:
      - "./vector.yaml:/etc/vector/vector.yaml:ro"

  victorialogs:
    container_name: victorialogs
    image: victoriametrics/victoria-logs:v1.0.0-victorialogs
    network_mode: "host"
    command:
      - "--storageDataPath=/vlogs"
      - "--httpListenAddr=:9428"
    volumes:
      - "/media/vlogs:/vlogs"
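
Once both containers are up, the script below checks the whole path by sending one uniquely marked RFC 5424 message to Vector over UDP and polling the VictoriaLogs query endpoint until it appears. It is an added example, not part of the original article; it assumes it runs on the same host as the containers, and the function names and marker format are made up for illustration.

```python
"""End-to-end smoke test for the syslog -> Vector -> VictoriaLogs path."""
import json
import socket
import sys
import time
import urllib.parse
import urllib.request
import uuid
from datetime import datetime, timezone

VECTOR_ADDR = ("127.0.0.1", 514)      # Vector socket source from vector.yaml
VLOGS_URL = "http://localhost:9428"   # VictoriaLogs --httpListenAddr


def build_syslog(marker, hostname="smoketest", app="vl-check"):
    """RFC 5424 line, facility user(1) / severity notice(5) -> PRI 13."""
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return f"<13>1 {ts} {hostname} {app} - - - marker={marker}".encode()


def query_url(marker, limit=5):
    """LogsQL phrase search for the marker via the HTTP query endpoint."""
    params = urllib.parse.urlencode({"query": f'"{marker}"', "limit": limit})
    return f"{VLOGS_URL}/select/logsql/query?{params}"


def parse_hits(body):
    """The query endpoint answers with one JSON object per line."""
    return [json.loads(line) for line in body.splitlines() if line.strip()]


def main():
    marker = uuid.uuid4().hex  # constructed value, unique per run
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_syslog(marker), VECTOR_ADDR)
    for _ in range(10):  # allow time for Vector's batch flush
        time.sleep(1)
        with urllib.request.urlopen(query_url(marker), timeout=5) as r:
            hits = parse_hits(r.read().decode())
        if hits:
            print(json.dumps(hits[0], indent=2))
            return 0
    print("marker not found in VictoriaLogs", file=sys.stderr)
    return 1


if __name__ == "__main__":
    sys.exit(main())
```

With `network_mode: "host"`, `0.0.0.0:514` and `:9428` are bound on every interface of the host, so pointing the two constants at the host's external address and running the script from another machine shows whether a host firewall limits who can send and query logs.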