Guys, I’m having a very similar problem. I’m using the syslog input plugin, and forwarding to a central log server.
Here are the errors and my configs:
https://gist.github.com/chschs/2c16fc9aa888b5e8352a
Would love some advice here.
It’s actually the same config.
Every host listens using the in_forward on localhost:24224. Every host listens on localhost:5140 using in_syslog. Every host forwards syslog to localhost:5140. Every host forwards its fluent messages to the log server, including the log server itself. This is how we’ve built our pipeline, so that we can still get the log server’s messages into fluent as well. In other words, the log server is also a client.
The only difference on the log server is an additional config that matches on syslog to put messages into elasticsearch.
Here’s that config:
<match syslog.*.{warn,eror,crit,alert,emerg}>
type elasticsearch
logstash_format true
logstash_prefix syslog
index_name syslog
type_name syslog
flush_interval 3
host search
port 9200
</match>
<match yell.error>
type elasticsearch
logstash_format true
logstash_prefix yell_error
index_name yell_error
type_name error
flush_interval 3
host search
port 9200
</match>