From 5a6f09789c3bb481d570a239bc05058e3567db39 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Mon, 10 Feb 2020 16:17:24 -0500
Subject: [PATCH] Route the syslog through fluentd via UDP
---
 Vagrantfile | 8 ++------
 fluentd/fluent.conf | 6 ++++++
 graylog.yml | 1 +
 wordpress.yml | 2 ++
 4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/Vagrantfile b/Vagrantfile
index e6cecf2..4d4c863 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -38,13 +38,9 @@ Vagrant.configure("2") do |config| systemctl start rsyslog systemctl -q enable rsyslog - # Enable TCP syslog reception - sed -i 's/#\$ModLoad imtcp/\$ModLoad imtcp/g' /etc/rsyslog.conf - sed -i 's/#\$InputTCPServerRun 514/\$InputTCPServerRun 514/g' /etc/rsyslog.conf - # Add rsyslog forwarding option if it does not exist - if ! grep -q "#{PRIVATE_NET_IP}:1514" /etc/rsyslog.conf; then - echo "*.* @@#{PRIVATE_NET_IP}:1514;RSYSLOG_SyslogProtocol23Format" >> /etc/rsyslog.conf + if ! grep -q "127.0.0.1:5140" /etc/rsyslog.conf; then + echo "*.* @127.0.0.1:5140" >> /etc/rsyslog.conf systemctl restart rsyslog fi
diff --git a/fluentd/fluent.conf b/fluentd/fluent.conf
index d889e71..1cead2b 100644
--- a/fluentd/fluent.conf
+++ b/fluentd/fluent.conf
@@ -3,6 +3,12 @@ port 24224 + + @type syslog + port 5140 + tag system + + @type gelf host vagrant_graylog_1
diff --git a/graylog.yml b/graylog.yml
index e3d0918..aef8627 100644
--- a/graylog.yml
+++ b/graylog.yml
@@ -10,6 +10,7 @@ services:
 ports:
 - 24224:24224
 - 24224:24224/udp
+ - 5140:5140/udp
 mongo:
 image: mongo:4.2.2
diff --git a/wordpress.yml b/wordpress.yml
index 6f69840..1166222 100644
--- a/wordpress.yml
+++ b/wordpress.yml
@@ -28,6 +28,8 @@ services:
 driver: "fluentd"
 options:
 fluentd-address: "tcp://127.0.0.1:24224"
+ # Messages are buffered until the connection is established
+ #fluentd-async-connect: "true"
 volumes:
 db_data: {}
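Review bot: The new `*.* @127.0.0.1:5140` rule forwards every facility over UDP, so auth and sudo records are dropped without any error whenever the fluentd container is stopped, restarting or not yet listening. If these logs matter for detection, forward over TCP instead (`@@127.0.0.1:5140`, a `<transport tcp>` section in the fluentd syslog source and a `5140:5140/tcp` publish), or say in the comment above the `if` that delivery is best-effort. The hunk also stops provisioning the old settings without undoing them: on a box provisioned before this commit, the uncommented `imtcp` listener on 514 and the old `:1514` forwarding rule stay in /etc/rsyslog.conf. A cleanup line before the `grep`, such as `sed -i '/:1514;RSYSLOG_SyslogProtocol23Format/d' /etc/rsyslog.conf`, would keep old and new VMs consistent. The provisioner script this hunk belongs to starts and ends outside the hunk.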
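Review bot: The added `- 5140:5140/udp` publishes the syslog input on every host interface, although the only sender this commit configures is rsyslog on 127.0.0.1. Syslog over UDP carries no authentication, so any machine that can reach the VM (presumably including the private network the Vagrantfile sets up) could write forged `system` events into Graylog. Binding the publish to loopback closes that: `- "127.0.0.1:5140:5140/udp"`. The two 24224 mappings above it are unchanged context lines with the same exposure.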
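Review bot: The added `#fluentd-async-connect: "true"` is left commented out, and the comment above it says what the option would do rather than why it is disabled. As Docker's fluentd log driver is documented, without the option the container does not start when `tcp://127.0.0.1:24224` is unreachable, while with it messages sit in a bounded in-memory buffer and can be lost. The file should record which of the two is intended, for example `# Left disabled on purpose: wordpress must not run without log delivery`. If the option is wanted later, check whether the installed Docker version still accepts this name, since newer releases appear to prefer `fluentd-async`.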