Fluentd
Learn how to install and configure Fluentd logs to start sending them to LogDNA's cloud logging system.
Use the LogDNA Fluentd plugin to send your Fluentd logs to LogDNA.
Install Fluentd
On Windows Server (2008 or newer), install the FluentD’s td-agent here, or run this command in PowerShell:
Invoke-WebRequest -Uri "http://packages.treasuredata.com.s3.amazonaws.com/4/windows/td-agent-4.0.0-x64.msi" -Outfile td-agent.msi ; & .\td-agent.msi /passive
Configure Fluentd
-
Head to where FluentD is installed – by default, it's in
C:\opt\td-agent\etc\td-agent\ -
Copy and paste our configuration template from the end of this page into the existing td-agent.conf file.
-
On the line with
channels, application, system, you can include one or more of{'application', 'system', 'setup', 'security'}. If you want to read 'setup' or 'security' logs, you must launch FluentD with administrator privileges. -
On the
api_keyline, replace the filler text with your LogDNA ingestion key. -
On the
ingester_domainline, replace the URL if you are not using our default ingestion endpoint. -
Finally, save the changes you've made to your td-agent.conf file.
Install the LogDNA Fluentd plugin
Run this command in PowerShell
Start-Process cmd "/c C:\opt\td-agent\bin\td-agent-gem install fluent-plugin-logdna"
Start FluentD
Run this command in PowerShell
Start-Process cmd "/k C:\opt\td-agent\td-agent-prompt.bat && fluentd -c c:\opt\td-agent\etc\td-agent\td-agent.conf"
Now, check your LogDNA account to see that it’s sending logs.
If logs aren’t showing up in your account, check the td-agent prompt to see what the configuration problem might be. Please contact [email protected], and let us know what you see.
Our FluentD Configuration
<source>
@type windows_eventlog2
@id windows_eventlog2
channels application,system # Also be able to use `<subscribe>` directive.
read_existing_events false
read_interval 2
tag winevt.raw
render_as_xml true # default is false.
rate_limit 200 # default is -1(Winevt::EventLog::Subscribe::RATE_INFINITE).
# preserve_qualifiers_on_hash true # default is false.
# read_all_channels false # default is false.
# description_locale en_US # default is nil. It means that system locale is used for obtaining description.
<storage>
@type local # @type local is the default.
persistent true # default is true. Set to false to use in-memory storage.
path ./tmp/storage.json # This is required when persistent is true.
# Or, please consider using <system> section's `root_dir` parameter.
</storage>
<parse>
@type winevt_xml # @type winevt_xml is the default. winevt_xml and none parsers are supported for now.
# When set up it as true, this plugin preserves "Qualifiers" and "EventID" keys.
# When set up it as false, this plugin calculates actual "EventID" from "Qualifiers" and removing "Qualifiers".
# With the following equation:
# (EventID & 0xffff) | (Qualifiers & 0xffff) << 16
preserve_qualifiers true
</parse>
# <subscribe>
# channels, application, system
# read_existing_events false # read_existing_events should be applied each of subscribe directive(s)
# </subscribe>
</source>
<match **>
@type logdna
api_key xxxxxxxxxxxxxxxxxxxxxxxxxxx # paste your api key here (required)
ingester_domain https://logs.logdna.com #Replace with your specific LogDNA endpoint
hostname "#{Socket.gethostname}" #your hostname (required)
app my_app # replace with your app name
#mac C0:FF:EE:C0:FF:EE # optional mac address
#ip 127.0.0.1 # optional ip address
#tags web,dev # optional tags
slow_flush_log_threshold 30.0
request_timeout 30000 ms # optional timeout for upload request, supports seconds (s, default) and milliseconds (ms) suffixes, default 30 seconds
buffer_chunk_limit 1m # do not increase past 8m (8MB) or your logs will be rejected by our server.
flush_at_shutdown true # only needed with file buffer
</match>
For more detailed information regarding the Fluentd plugin and configuration options, check out our Github repo.
Updated 22 days ago