Use the LogDNA Fluentd plugin to send your Fluentd logs to LogDNA.
Install Fluentd
On Windows Server (2008 or newer), install Fluentd's td-agent here, or run this command in PowerShell. The package is fetched over plain HTTP, so check the downloaded installer's Authenticode signature (Get-AuthenticodeSignature) before you run it:
Invoke-WebRequest -Uri "http://packages.treasuredata.com.s3.amazonaws.com/4/windows/td-agent-4.0.0-x64.msi" -OutFile td-agent.msi ; Start-Process msiexec.exe -ArgumentList "/i td-agent.msi /passive" -Wait
Configure Fluentd
- Head to where Fluentd is installed; by default, it's in C:\opt\td-agent\etc\td-agent\
- Copy and paste our configuration template from the end of this page into the existing td-agent.conf file.
- On the line with channels application,system, you can include one or more of 'application', 'system', 'setup' and 'security'. If you want to read the 'setup' or 'security' logs, you must launch Fluentd with administrator privileges (for example, from an elevated PowerShell prompt).
- On the api_key line, replace the filler text with your LogDNA ingestion key. The key is a credential: keep td-agent.conf readable only by Administrators and SYSTEM, and do not commit the file to version control.
- On the ingester_domain line, replace the URL if you are not using our default ingestion endpoint.
- Finally, save the changes you've made to your td-agent.conf file.
Install the LogDNA Fluentd plugin
Run this command in PowerShell
Start-Process cmd "/c C:\opt\td-agent\bin\td-agent-gem install fluent-plugin-logdna"
Start FluentD
Run this command in PowerShell (from an elevated prompt if you subscribed to the 'setup' or 'security' channels):
Start-Process cmd "/k C:\opt\td-agent\td-agent-prompt.bat && fluentd -c c:\opt\td-agent\etc\td-agent\td-agent.conf"
Now, check your LogDNA account to see that it’s sending logs.
If logs aren’t showing up in your account, check the td-agent prompt to see what the configuration problem might be. Please contact [email protected], and let us know what you see.
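The four steps above (install td-agent, write the configuration, install the plugin, start Fluentd) as one unattended script. This is an added example, not LogDNA's or Fluentd's own installer script: the download URL, install path and td-agent-gem command come from this page; the Authenticode check, the ACL tightening on td-agent.conf, the absolute storage path, the environment variable LOGDNA_INGESTION_KEY and the Windows service name fluentdwinsvc are my assumptions and are marked as such in the comments. The embedded configuration is a trimmed copy of the template at the end of this page.

```powershell
#Requires -RunAsAdministrator
# Added example: unattended td-agent + LogDNA plugin install on Windows Server.
# Run from an elevated PowerShell; the service runs as LocalSystem, so it can also
# read the 'setup' and 'security' channels if you add them to `channels`.
$ErrorActionPreference = 'Stop'

$msiUrl   = 'http://packages.treasuredata.com.s3.amazonaws.com/4/windows/td-agent-4.0.0-x64.msi'
$msiPath  = Join-Path $env:TEMP 'td-agent.msi'
$tdHome   = 'C:\opt\td-agent'                          # default install location named on this page
$confPath = Join-Path $tdHome 'etc\td-agent\td-agent.conf'

# Assumption: the ingestion key is supplied via an environment variable so it never
# lands in a script that gets committed to version control.
$apiKey = $env:LOGDNA_INGESTION_KEY
if (-not $apiKey) { throw 'Set LOGDNA_INGESTION_KEY before running this script.' }

# 1. Download and verify. The page's URL is plain HTTP, so refuse to execute the MSI
#    unless its Authenticode signature validates (assumption: the vendor signs the MSI;
#    a NotSigned result means you must verify the file another way, e.g. a published hash).
Invoke-WebRequest -Uri $msiUrl -OutFile $msiPath
$sig = Get-AuthenticodeSignature -FilePath $msiPath
if ($sig.Status -ne 'Valid') { throw "Refusing to run $msiPath : signature status is $($sig.Status)" }
Write-Host "Installer signed by: $($sig.SignerCertificate.Subject)"

# 2. Install silently and wait. msiexec returns 0 on success, 3010 on success-with-reboot-required.
$p = Start-Process msiexec.exe -ArgumentList "/i `"$msiPath`" /passive /norestart" -Wait -PassThru
if ($p.ExitCode -notin @(0, 3010)) { throw "msiexec failed with exit code $($p.ExitCode)" }

# 3. Write the configuration. Trimmed copy of the template from this page; the storage path is
#    made absolute (my change) because a service's working directory is not predictable.
$confTemplate = @'
<source>
  @type windows_eventlog2
  @id windows_eventlog2
  channels application,system
  read_existing_events false
  read_interval 2
  tag winevt.raw
  <storage>
    @type local
    persistent true
    path C:\opt\td-agent\winevt_storage.json
  </storage>
  <parse>
    @type winevt_xml
    preserve_qualifiers true
  </parse>
</source>
<match **>
  @type logdna
  api_key __API_KEY__
  ingester_domain https://logs.logdna.com
  hostname "#{Socket.gethostname}"
  app windows-eventlog
  buffer_chunk_limit 1m
  flush_at_shutdown true
</match>
'@
Set-Content -Path $confPath -Value $confTemplate.Replace('__API_KEY__', $apiKey) -Encoding ASCII

# The file now holds the ingestion key: drop inherited ACEs and allow only Administrators and
# SYSTEM (the account the service runs under) to read it.
icacls $confPath /inheritance:r /grant:r 'BUILTIN\Administrators:(F)' 'NT AUTHORITY\SYSTEM:(F)' | Out-Null

# 4. Install the LogDNA output plugin with td-agent's bundled gem (same command as on this page,
#    run synchronously so a failure stops the script).
cmd.exe /c "$tdHome\bin\td-agent-gem install fluent-plugin-logdna"
if ($LASTEXITCODE -ne 0) { throw "td-agent-gem install failed with exit code $LASTEXITCODE" }

# 5. Start Fluentd as a service instead of the interactive td-agent-prompt.bat used above.
#    Assumption: td-agent 4 registers the Windows service 'fluentdwinsvc'.
Set-Service -Name fluentdwinsvc -StartupType Automatic
Start-Service -Name fluentdwinsvc
Get-Service -Name fluentdwinsvc | Format-Table Name, Status, StartType
```

If events do not appear in LogDNA afterwards, the plugin's own errors (bad key, unreachable endpoint, a channel the service account cannot open) are written to td-agent's log file rather than to a prompt; with the service approach that file is the place to look, and the td-agent-prompt.bat command on this page remains useful for an interactive run with the same td-agent.conf.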
Our FluentD Configuration
<source>
@type windows_eventlog2
@id windows_eventlog2
channels application,system # A `<subscribe>` directive can be used instead; see below.
read_existing_events false
read_interval 2
tag winevt.raw
render_as_xml false # default is false.
rate_limit 200 # default is -1(Winevt::EventLog::Subscribe::RATE_INFINITE).
# preserve_qualifiers_on_hash true # default is false.
# read_all_channels false # default is false.
# description_locale en_US # default is nil. It means that system locale is used for obtaining description.
<storage>
@type local # @type local is the default.
persistent true # default is true. Set to false to use in-memory storage.
path ./tmp/storage.json # This is required when persistent is true.
# Or, please consider using <system> section's `root_dir` parameter.
</storage>
<parse>
@type winevt_xml # @type winevt_xml is the default. winevt_xml and none parsers are supported for now.
# When set to true, this plugin preserves the "Qualifiers" and "EventID" keys as-is.
# When set to false, this plugin calculates the actual "EventID" from "Qualifiers" and removes "Qualifiers",
# With the following equation:
# (EventID & 0xffff) | (Qualifiers & 0xffff) << 16
preserve_qualifiers true
</parse>
# <subscribe>
# channels application, system
# read_existing_events false # read_existing_events should be applied each of subscribe directive(s)
# </subscribe>
</source>
<match **>
@type logdna
api_key xxxxxxxxxxxxxxxxxxxxxxxxxxx # paste your ingestion key here (required); keep this file readable only by Administrators and SYSTEM
ingester_domain https://logs.logdna.com # replace with your specific LogDNA endpoint
hostname "#{Socket.gethostname}" #your hostname (required)
app my_app # replace with your app name
#mac C0:FF:EE:C0:FF:EE # optional mac address
#ip 127.0.0.1 # optional ip address
#tags web,dev # optional tags
slow_flush_log_threshold 30.0
request_timeout 30000 ms # optional timeout for upload request, supports seconds (s, default) and milliseconds (ms) suffixes, default 30 seconds
buffer_chunk_limit 1m # do not increase past 8m (8MB) or your logs will be rejected by our server.
flush_at_shutdown true # only needed with file buffer
</match>
For more detailed information regarding the Fluentd plugin and configuration options, check out our Github repo.