Route the syslog through fluentd via UDP

2024-11-09 21:50:35 +00:00 · 2020-02-10 16:17:24 -05:00 · 2020-02-10 16:17:24 -05:00 · 5a6f09789c
commit 5a6f09789c
parent 5515109396
4 changed files with 11 additions and 6 deletions
--- a/8
+++ b/8
@ -38,13 +38,9 @@ Vagrant.configure("2") do |config|
    systemctl start rsyslog
    systemctl -q enable rsyslog

-    # Enable TCP syslog reception
-    sed -i 's/#\$ModLoad imtcp/\$ModLoad imtcp/g' /etc/rsyslog.conf
-    sed -i 's/#\$InputTCPServerRun 514/\$InputTCPServerRun 514/g' /etc/rsyslog.conf
-
    # Add rsyslog forwarding option if it does not exist
-    if ! grep -q "#{PRIVATE_NET_IP}:1514" /etc/rsyslog.conf; then
-      echo "*.* @@#{PRIVATE_NET_IP}:1514;RSYSLOG_SyslogProtocol23Format" >> /etc/rsyslog.conf
+    if ! grep -q "127.0.0.1:5140" /etc/rsyslog.conf; then
+      echo "*.* @127.0.0.1:5140" >> /etc/rsyslog.conf
      systemctl restart rsyslog
    fi

--- a/fluentd/fluent.conf
+++ b/fluentd/fluent.conf
@ -3,6 +3,12 @@
  port 24224
 </source>

+<source>
+  @type syslog
+  port 5140
+  tag system
+</source>
+
 <match **>
  @type gelf
  host vagrant_graylog_1
--- a/graylog.yml
+++ b/graylog.yml
@ -10,6 +10,7 @@ services:
    ports:
      - 24224:24224
      - 24224:24224/udp
+      - 5140:5140/udp

  mongo:
    image: mongo:4.2.2
--- a/wordpress.yml
+++ b/wordpress.yml
@ -28,6 +28,8 @@ services:
       driver: "fluentd"
       options:
        fluentd-address: "tcp://127.0.0.1:24224"
+        # Messages are buffered until the connection is established
+        #fluentd-async-connect: "true"

 volumes:
    db_data: {}