Thank you for trying Fluentd ;)
1. We recommend to setup Fluentd locally because Fluentd has reliable buffering and load balancing with out_forward plugin.
It is standard way of Fluentd centralized logging.
2. You can use TCP syslog protocol and file buffer with out_forward. In this case, your received log is stored in the file first.
After that, out_forward flushes file content to another server.
3. Hmm. If you use unique tag instead of IP, you can simply use out_s3 plugin with out_forest plugin.
out_forest creates an output plugin with actual tag dynamically.
Server1: in_syslog -> syslog.server1_tag -> out_forward -> in_forward -> out_forest(create out_s3 with server1_tag) -> out_s3
Server2: in_syslog -> syslog.server2_tag -> ...
If you want to use IP(or hostname) in the S3 path, maybe you need rewrite-tag-filter plugin.
rewrite-tag-filter routes the event using actual record value and can reference it for tag routing.
For example:
rewriterule1 domain ^(mail)\.(example)\.com$ site.$2$1 # $1 refs (mail), $2 refs (example)
Flow example is below:
Server1: in_syslog -> syslog.IP1(or hostname1) -> (out and in)forward -> out_rewrite_tag_filter -> out_forest -> out_s3.
Server2: in_syslog -> syslog.IP2(or hostname2) -> ...
tagomori-san or yoshi-ken san:
Do you have any idea for 3 case?
Thanks,
Masahiro