37 lines
813 B
INI
37 lines
813 B
INI
[Unit]
|
|
Description=Fluent Bit
|
|
Documentation=https://docs.fluentbit.io/manual/
|
|
Requires=network.target
|
|
After=network.target
|
|
StartLimitIntervalSec=5
|
|
StartLimitBurst=5
|
|
|
|
[Service]
|
|
Type=exec
|
|
ExecStart=/usr/bin/fluent-bit -c /etc/fluent-bit/fluent-bit.yml -Y
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
StateDirectory=fluent-bit
|
|
Restart=always
|
|
RestartSec=1
|
|
BindPaths=%S/fluent-bit
|
|
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
|
|
LockPersonality=yes
|
|
MemoryDenyWriteExecute=yes
|
|
PrivateDevices=yes
|
|
PrivateTmp=yes
|
|
ProtectControlGroups=yes
|
|
ProtectHome=yes
|
|
ProtectHostname=yes
|
|
ProtectKernelModules=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectSystem=strict
|
|
ReadOnlyPaths=/var/log
|
|
ReadWritePaths=%S/fluent-bit
|
|
RestrictNamespaces=yes
|
|
RestrictRealtime=yes
|
|
SystemCallArchitectures=native
|
|
TemporaryFileSystem=%S:ro
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|