Use built-in TLS forwarding support

Vagrantfile

@@ -56,11 +56,25 @@ Vagrant.configure("2") do |config|
           systemctl restart rsyslog
         fi
 
+        # Setup TLS
+        if [ ! -f /vagrant/tmp/ca_key.pem ]; then
+          echo "Generating TLS certificates..."
+          cd /vagrant/tmp
+          openssl req -newkey rsa:4096 \
+                      -x509 \
+                      -sha256 \
+                      -days 3650 \
+                      -nodes \
+                      -out ca_cert.pem \
+                      -keyout ca_key.pem \
+                      -subj "/C=US/ST=Local/L=Local/O=Org/OU=IT/CN=example.com" \
+                      2> /dev/null
+        fi
+
         # Install td-agent
         cp /vagrant/td-agent.repo /etc/yum.repos.d/
         yum check-update
         yum install -y td-agent
-        td-agent-gem install fluent-plugin-secure-forward
         td-agent-gem install fluent-plugin-gelf-hs gelf
         systemctl -q enable td-agent
 

td-agent-server.conf

@@ -1,12 +1,12 @@
 <source>
-  @type secure_forward
+  @type forward
-  shared_key test
-  self_hostname 172.28.128.30
   port 2514
-  secure true
+  <transport tls>
-  ca_cert_path /vagrant/tmp/ca_cert.pem
+    version TLSv1_2
-  ca_private_key_path /vagrant/tmp/ca_key.pem
+    insecure true
-  ca_private_key_passphrase test
+    cert_path /vagrant/tmp/ca_cert.pem
+    private_key_path /vagrant/tmp/ca_key.pem
+  </transport>
 </source>
 
 <source>

td-agent.conf

@@ -46,15 +46,11 @@
 </match>
 
 <match **>
-  @type secure_forward
+  @type forward
-  shared_key test
+  transport tls
-  self_hostname 172.28.128.31
+  tls_cert_path /vagrant/tmp/ca_cert.pem
-  flush_interval 0s
-  num_threads 2
-  secure true
-  ca_cert_path /vagrant/tmp/ca_cert.pem
-
   <server>
+    name example.com
     host 172.28.128.30
     port 2514
   </server>