Secure forward to td-agent on Graylog server

2024-12-16 06:50:35 +00:00 · 2020-03-23 16:14:43 -04:00 · 2020-03-23 16:14:43 -04:00 · 9815a86386
commit 9815a86386
parent eac9696e19
4 changed files with 49 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 .vagrant
+tmp
--- a/16
+++ b/16
@ -49,12 +49,8 @@ Vagrant.configure("2") do |config|
        cp /vagrant/td-agent.repo /etc/yum.repos.d/
        yum check-update
        yum install -y td-agent
+        td-agent-gem install fluent-plugin-secure-forward
        td-agent-gem install fluent-plugin-gelf-hs gelf
-        cp /vagrant/td-agent.conf /etc/td-agent/td-agent.conf
-        mkdir -p /var/log/containers
-        chown -R td-agent:td-agent /var/log/containers
-        chmod -R 755 /var/log
-        systemctl restart td-agent
        systemctl -q enable td-agent

      SHELL
@ -66,6 +62,9 @@ Vagrant.configure("2") do |config|
      if server == "graylog"
        node.vm.provision "shell", inline: <<-SHELL

+          cp /vagrant/td-agent-server.conf /etc/td-agent/td-agent.conf
+          systemctl restart td-agent
+
          # Install jq
          yum install -y epel-release
          yum install -y jq
@ -144,6 +143,13 @@ Vagrant.configure("2") do |config|
            systemctl restart rsyslog
          fi

+          # Configure td-agent
+          cp /vagrant/td-agent.conf /etc/td-agent/td-agent.conf
+          mkdir -p /var/log/containers
+          chown -R td-agent:td-agent /var/log/containers
+          chmod -R 755 /var/log
+          systemctl restart td-agent
+
          # Bring up WordPress test containers
          cd /vagrant/wordpress
          /usr/local/bin/docker-compose up -d 2> /dev/null
--- a/td-agent-server.conf
+++ b/td-agent-server.conf
@ -0,0 +1,27 @@
+<source>
+  @type secure_forward
+  shared_key test
+  self_hostname 172.28.128.30
+  port 2514
+  secure true
+  ca_cert_path /vagrant/tmp/ca_cert.pem
+  ca_private_key_path /vagrant/tmp/ca_key.pem
+  ca_private_key_passphrase test
+</source>
+
+<filter httpd.access>
+  @type parser
+  key_name message
+  reserve_data true
+  <parse>
+    @type apache2
+  </parse>
+</filter>
+
+<match **>
+  @type gelf
+  protocol tcp
+  host localhost
+  port 12201
+  flush_interval 5s
+</match>
--- a/td-agent.conf
+++ b/td-agent.conf
@ -19,16 +19,6 @@
  </parse>
 </source>

-<filter httpd.access>
-  @type parser
-  key_name message
-  reserve_data true
-  <parse>
-    @type apache2
-  </parse>
-</filter>
-
-
 <match devel.*>
  @type copy
  <store>
@ -51,9 +41,14 @@
 </match>

 <match **>
-  @type gelf
-  protocol tcp
-  host localhost
-  port 12201
-  flush_interval 5s
+  @type secure_forward
+  shared_key test
+  self_hostname 172.28.128.31
+  secure true
+  ca_cert_path /vagrant/tmp/ca_cert.pem
+
+  <server>
+    host 172.28.128.30
+    port 2514
+  </server>
 </match>