mirror of https://github.com/krislamo/graylog_demo synced 2024-12-16 06:50:35 +00:00

Secure forward to td-agent on Graylog server

Kris Lamoureux 2020-03-23 16:14:43 -04:00
parent eac9696e19
commit 9815a86386
Signed by: kris
GPG Key ID: A30022791E1719A4
4 changed files with 49 additions and 20 deletions

1
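--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .vagrant
+tmp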

16
Vagrantfile vendored

@ -49,12 +49,8 @@ Vagrant.configure("2") do |config|
cp /vagrant/td-agent.repo /etc/yum.repos.d/ cp /vagrant/td-agent.repo /etc/yum.repos.d/
yum check-update yum check-update
yum install -y td-agent yum install -y td-agent
td-agent-gem install fluent-plugin-secure-forward
td-agent-gem install fluent-plugin-gelf-hs gelf td-agent-gem install fluent-plugin-gelf-hs gelf
cp /vagrant/td-agent.conf /etc/td-agent/td-agent.conf
mkdir -p /var/log/containers
chown -R td-agent:td-agent /var/log/containers
chmod -R 755 /var/log
systemctl restart td-agent
systemctl -q enable td-agent systemctl -q enable td-agent
SHELL SHELL
@ -66,6 +62,9 @@ Vagrant.configure("2") do |config|
if server == "graylog" if server == "graylog"
node.vm.provision "shell", inline: <<-SHELL node.vm.provision "shell", inline: <<-SHELL
cp /vagrant/td-agent-server.conf /etc/td-agent/td-agent.conf
systemctl restart td-agent
# Install jq # Install jq
yum install -y epel-release yum install -y epel-release
yum install -y jq yum install -y jq
@ -144,6 +143,13 @@ Vagrant.configure("2") do |config|
systemctl restart rsyslog systemctl restart rsyslog
fi fi
# Configure td-agent
cp /vagrant/td-agent.conf /etc/td-agent/td-agent.conf
mkdir -p /var/log/containers
chown -R td-agent:td-agent /var/log/containers
chmod -R 755 /var/log
systemctl restart td-agent
# Bring up WordPress test containers # Bring up WordPress test containers
cd /vagrant/wordpress cd /vagrant/wordpress
/usr/local/bin/docker-compose up -d 2> /dev/null /usr/local/bin/docker-compose up -d 2> /dev/null
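Review bot: `chmod -R 755 /var/log` in the relocated "Configure td-agent" block makes every file under /var/log world-readable and executable, which on this yum-based guest would likely include authentication and audit logs, not only the ones td-agent tails. The preceding `chown -R td-agent:td-agent /var/log/containers` already covers the container logs, so the recursive chmod presumably exists for some other source in td-agent.conf that is not fully visible here. Grant read access only on those paths instead, for example `setfacl -R -m u:td-agent:rX <LOG_DIR_TD_AGENT_TAILS>`, and drop the tree-wide chmod. Separately, `td-agent-gem install fluent-plugin-secure-forward` in the first hunk installs whatever version is current; pinning it with `-v <VERSION>` would keep the demo reproducible. The provisioning heredoc starts and ends outside these hunks.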

27
td-agent-server.conf Normal file

@ -0,0 +1,27 @@
<source>
@type secure_forward
shared_key test
self_hostname 172.28.128.30
port 2514
secure true
ca_cert_path /vagrant/tmp/ca_cert.pem
ca_private_key_path /vagrant/tmp/ca_key.pem
ca_private_key_passphrase test
</source>
<filter httpd.access>
@type parser
key_name message
reserve_data true
<parse>
@type apache2
</parse>
</filter>
<match **>
@type gelf
protocol tcp
host localhost
port 12201
flush_interval 5s
</match>
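Review bot: `shared_key test` and `ca_private_key_passphrase test` are committed literals, and the same `shared_key test` appears in the client's `<match **>` block in the last file section, so anyone who has read the repository holds the secret that authenticates a forwarder. The CA private key at `/vagrant/tmp/ca_key.pem` also sits in the Vagrant shared folder, which (assuming the default /vagrant sync applies to every node) makes the signing key readable from the client VMs as well as the server. For anything beyond a throwaway demo, inject both secrets at provision time from a file outside the repository and keep the CA key in a server-only path (for example `/etc/td-agent/certs/ca_key.pem`, mode 0600, owned by td-agent). A comment above the block, `# DEMO ONLY: shared_key and CA passphrase are placeholders; replace before use`, would make the intent explicit. Nothing in the visible hunks creates the files under /vagrant/tmp, so the step that generates the CA should be documented or added to the provisioning.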


@ -19,16 +19,6 @@
</parse> </parse>
</source> </source>
<filter httpd.access>
@type parser
key_name message
reserve_data true
<parse>
@type apache2
</parse>
</filter>
<match devel.*> <match devel.*>
@type copy @type copy
<store> <store>
@ -51,9 +41,14 @@
</match> </match>
<match **> <match **>
@type gelf @type secure_forward
protocol tcp shared_key test
host localhost self_hostname 172.28.128.31
port 12201 secure true
flush_interval 5s ca_cert_path /vagrant/tmp/ca_cert.pem
<server>
host 172.28.128.30
port 2514
</server>
</match> </match>
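Review bot: The rewritten `<match **>` block drops the `flush_interval 5s` that the old gelf output carried, so the secure_forward output falls back to the plugin's default flush and buffer settings, which likely delays events reaching Graylog and holds them in memory while the server at 172.28.128.30 is unreachable. If this pipeline is meant to feed alerting, set the interval explicitly, e.g. `flush_interval 5s`, and consider a file buffer so queued events survive a td-agent restart. The filter removed in the first hunk now lives only in td-agent-server.conf, so parsing of `httpd.access` depends on the tag arriving unchanged over the forward; a one-line comment above the block saying so would help the next reader.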