Server_A —> Server_B —> Server_C
Let’s say that we have our Elasticsearch/Kibana setup on Server_C,
but Server_A can’t talk to Server_C directly, so the logs are relayed through Server_B.
Server_A
# tail /etc/rsyslog.d/20_central_logging.conf
*.* @192.168.1.100:42185
& ~
Server_B
install fluentd
# wget -c http://packages.treasuredata.com.s3.amazonaws.com/2/redhat/6/x86_64/td-agent-2.2.1-0.el6.x86_64.rpm
# rpm -ivh td-agent-2.2.1-0.el6.x86_64.rpm
configure fluentd
# vim /etc/td-agent/td-agent.conf
<source>
  type syslog
  port 42185
  tag rsyslog
</source>

<match ***>
  type forward
  send_timeout 10s
  recover_wait 10s
  heartbeat_interval 1s
  phi_threshold 16
  hard_timeout 60s
  <server>
    host 192.168.1.200
  </server>
</match>
Server_C
install fluentd
# wget -c http://packages.treasuredata.com.s3.amazonaws.com/2/redhat/6/x86_64/td-agent-2.2.1-0.el6.x86_64.rpm
# rpm -ivh td-agent-2.2.1-0.el6.x86_64.rpm
configure fluentd
# vim /etc/td-agent/td-agent.conf
<match ***>
  type elasticsearch
  flush_interval 10s # for testing
  logstash_format true
</match>
PLZ don't forget your iptables rules!!!!
UDP & TCP
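The firewall rules that reminder refers to, as an added example that is not part of the original post: it prints source-restricted rules for each hop and audits `iptables-save` output for a listener left open to any source. Assumptions: Server_A's address is a placeholder, 24224 is fluentd's default forward port (the post does not set one), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Prints rules, does not apply them.
SERVER_A_IP="${SERVER_A_IP:-192.0.2.10}"  # placeholder: Server_A's address is not in the post
SERVER_B_IP="192.168.1.100"               # rsyslog target on Server_A, i.e. Server_B
SYSLOG_PORT=42185                         # fluentd syslog source (UDP: single "@" in rsyslog)
FORWARD_PORT=24224                        # assumption: fluentd forward default port

# Print the INPUT rules one host needs. -I is used because the default EL6
# ruleset ends with a REJECT that would shadow appended (-A) rules.
relay_rules() {
  case "$1" in
    server_b)
      echo "iptables -I INPUT -p udp -s $SERVER_A_IP --dport $SYSLOG_PORT -j ACCEPT" ;;
    server_c)
      # td-agent 2 forward: events over TCP, heartbeats over UDP by default
      for proto in tcp udp; do
        echo "iptables -I INPUT -p $proto -s $SERVER_B_IP --dport $FORWARD_PORT -j ACCEPT"
      done ;;
    *) echo "usage: relay_rules server_b|server_c" >&2; return 2 ;;
  esac
}

# Audit iptables-save output on stdin for one listener. Prints OK when the
# port is accepted from the expected peer only, OPEN when an ACCEPT rule has
# no source restriction, MISSING when the peer is not allowed at all.
audit_port() {  # usage: audit_port <proto> <port> <peer_ip> < ruleset
  awk -v proto="$1" -v port="$2" -v peer="$3" '
    $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ &&
    index($0 " ", "-p " proto " ") && index($0 " ", "--dport " port " ") {
      if (index($0, "-s " peer "/32 ") || index($0, "-s " peer " ")) ok = 1
      else if (index($0, " -s ") == 0) open = 1
    }
    END { if (open) print "OPEN"; else if (ok) print "OK"; else print "MISSING" }'
}

# Constructed sample of iptables-save output from Server_C (UDP left open).
SAMPLE_C='-A INPUT -s 192.168.1.100/32 -p tcp -m tcp --dport 24224 -j ACCEPT
-A INPUT -p udp -m udp --dport 24224 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# When run as a script with a role argument, print that host's rules.
if [ "$#" -gt 0 ]; then relay_rules "$1"; fi
```

Review the printed rules before piping them to a shell, and on EL6 persist them with `service iptables save`.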