mirror of https://github.com/krislamo/graylog_demo synced 2025-10-24 05:28:33 +00:00

Route the syslog through fluentd via UDP

2020-02-10 16:17:24 -05:00
parent 5515109396
commit 5a6f09789c
4 changed files with 11 additions and 6 deletions

8
Vagrantfile vendored

@@ -38,13 +38,9 @@ Vagrant.configure("2") do |config|
systemctl start rsyslog systemctl start rsyslog
systemctl -q enable rsyslog systemctl -q enable rsyslog
# Enable TCP syslog reception
sed -i 's/#\$ModLoad imtcp/\$ModLoad imtcp/g' /etc/rsyslog.conf
sed -i 's/#\$InputTCPServerRun 514/\$InputTCPServerRun 514/g' /etc/rsyslog.conf
# Add rsyslog forwarding option if it does not exist # Add rsyslog forwarding option if it does not exist
if ! grep -q "#{PRIVATE_NET_IP}:1514" /etc/rsyslog.conf; then if ! grep -q "127.0.0.1:5140" /etc/rsyslog.conf; then
echo "*.* @@#{PRIVATE_NET_IP}:1514;RSYSLOG_SyslogProtocol23Format" >> /etc/rsyslog.conf echo "*.* @127.0.0.1:5140" >> /etc/rsyslog.conf
systemctl restart rsyslog systemctl restart rsyslog
fi fi
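Review bot: The idempotency guard `grep -q "127.0.0.1:5140"` only looks for the new target, so a VM provisioned before this commit keeps its old `*.* @@#{PRIVATE_NET_IP}:1514;RSYSLOG_SyslogProtocol23Format` rule and the uncommented imtcp listener on 514 in /etc/rsyslog.conf when it is re-provisioned. That leaves a second forwarding path and an open TCP syslog receiver that the new configuration no longer accounts for; consider deleting the stale rule before appending the new one, e.g. `sed -i '/:1514;RSYSLOG_SyslogProtocol23Format/d' /etc/rsyslog.conf`, and re-commenting the two imtcp lines. The single `@` also switches forwarding to UDP, so messages sent while the fluentd container is down are dropped without any error on the rsyslog side; a comment stating that this loss is accepted for the demo would help. The provisioning script starts and ends outside the hunk.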


@@ -3,6 +3,12 @@
port 24224 port 24224
</source> </source>
<source>
@type syslog
port 5140
tag system
</source>
<match **> <match **>
@type gelf @type gelf
host vagrant_graylog_1 host vagrant_graylog_1
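Review bot: The new `<source>` block relies on in_syslog defaults that are not written down: no `bind`, transport or message format is given, so as I read the plugin defaults it listens on UDP on every interface of the container and expects the RFC 3164 layout. Because the rsyslog rule in this commit dropped `RSYSLOG_SyslogProtocol23Format`, the two ends agree only by default; a comment above `@type syslog` such as `# UDP syslog from the VM's rsyslog (default RFC 3164 format); events are tagged system.<facility>.<priority>` would record that. UDP syslog carries no sender authentication, so anything that can reach port 5140 can write events into the `<match **>` GELF output; the place to restrict that is the port publication in the compose file. The `<match **>` block continues outside the hunk.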


@@ -10,6 +10,7 @@ services:
ports: ports:
- 24224:24224 - 24224:24224
- 24224:24224/udp - 24224:24224/udp
- 5140:5140/udp
mongo: mongo:
image: mongo:4.2.2 image: mongo:4.2.2
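Review bot: `- 5140:5140/udp` publishes the syslog input on every host interface, while the only sender added in this commit is the VM's rsyslog writing to 127.0.0.1:5140. UDP syslog is unauthenticated, so any machine that can reach the VM's private-network address could have forged `system.*` events accepted and forwarded to Graylog; binding the publication to loopback keeps the path local: `- "127.0.0.1:5140:5140/udp"`. Quoting the mapping also stops a YAML 1.1 parser from reading digit-and-colon values as numbers. The `ports:` list and the `services:` mapping start outside the hunk.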


@@ -28,6 +28,8 @@ services:
driver: "fluentd" driver: "fluentd"
options: options:
fluentd-address: "tcp://127.0.0.1:24224" fluentd-address: "tcp://127.0.0.1:24224"
# Messages are buffered until the connection is established
#fluentd-async-connect: "true"
volumes: volumes:
db_data: {} db_data: {}
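Review bot: The added comment `# Messages are buffered until the connection is established` describes the option on the following line, which is commented out, so as committed it states behaviour that is not active. Reword it so the default is clear, e.g. `# Uncomment to let the container start before fluentd is reachable; log messages are then buffered until the connection is established`. With the option off, I believe Docker refuses to start a container using this driver when 127.0.0.1:24224 is not accepting connections; if that is the intended fail-closed behaviour for the demo, say so in the comment as well.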