Aug 23 2015
forwarding logs with Fluentd

Server_A —> Server_B —> Server_C

Let’s say that our Elasticsearch/Kibana setup is on Server_C,
but Server_A can’t talk to Server_C directly, so Server_B relays the logs.

Server_A


# tail /etc/rsyslog.d/20_central_logging.conf 

*.*      @192.168.1.100:42185
& ~

Server_B

install fluentd



# wget -c http://packages.treasuredata.com.s3.amazonaws.com/2/redhat/6/x86_64/td-agent-2.2.1-0.el6.x86_64.rpm
# rpm -ivh td-agent-2.2.1-0.el6.x86_64.rpm

configure fluentd


# vim /etc/td-agent/td-agent.conf


<source>
  type syslog
  port 42185
  tag  rsyslog
</source>

<match ***>
  type forward
  send_timeout 10s
  recover_wait 10s
  heartbeat_interval 1s
  phi_threshold 16
  hard_timeout 60s

  <server>
    host 192.168.1.200
  </server>
</match>

Server_C

install fluentd



# wget -c http://packages.treasuredata.com.s3.amazonaws.com/2/redhat/6/x86_64/td-agent-2.2.1-0.el6.x86_64.rpm
# rpm -ivh td-agent-2.2.1-0.el6.x86_64.rpm

configure fluentd


# vim /etc/td-agent/td-agent.conf

<match ***>
  type elasticsearch
  flush_interval 10s # for testing
  logstash_format true
</match>

Please don’t forget your iptables rules!
The ports used above need to be open for both UDP and TCP.
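
An added example (not from the original post) that prints the iptables rules each hop needs, limited to the one host that should be sending. It assumes Server_C runs a forward input on Fluentd's default port 24224 and that the forward heartbeat goes over UDP; SERVER_A_IP is a placeholder and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post.
# From the configs above: Server_B = 192.168.1.100, syslog input on 42185.
# Assumed: Server_C runs a forward input on Fluentd's default port 24224,
# and out_forward sends its heartbeat over UDP (the default in this
# td-agent generation). SERVER_A_IP is a placeholder.

SYSLOG_PORT=42185    # <source> type syslog on Server_B
FORWARD_PORT=24224   # default forward port (assumption)

# accept_from PROTO PORT PEER: one rule, limited to the sending host.
# -I inserts at the top of INPUT so the rule sits ahead of any
# catch-all REJECT/DROP already in the chain.
accept_from() {
    printf 'iptables -I INPUT -p %s -s %s --dport %s -j ACCEPT\n' "$1" "$3" "$2"
}

# log_fw_rules ROLE PEER_IP: print the rules for one hop.
log_fw_rules() {
    role=$1
    peer=$2
    # The output is meant to be fed to a shell, so refuse anything
    # that is not digits and dots.
    case "$peer" in
        ''|*[!0-9.]*) echo "peer must be an IPv4 address" >&2; return 2 ;;
    esac
    case "$role" in
        server_b)   # rsyslog "@host:port" is UDP
            accept_from udp "$SYSLOG_PORT" "$peer" ;;
        server_c)   # forward: TCP for events, UDP for heartbeat
            accept_from tcp "$FORWARD_PORT" "$peer"
            accept_from udp "$FORWARD_PORT" "$peer" ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
}

# Rules for Server_C, accepting only from Server_B:
log_fw_rules server_c 192.168.1.100
# On Server_B: log_fw_rules server_b "$SERVER_A_IP"
```

Review the printed rules, run them as root on the matching host, and save them so they survive a reboot.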
