Fluentd to forward for syslogs as-is
53 views
Skip to first unread message
Sudhin Bengeri
May 25, 2021, 9:33:12 AM5/25/21
to Fluentd Google Group
Hi,
<15>May 24 19:49:22 fluentdhost fluentd: May 24 15:49:06 ubuntu42 multipathd[602]: sda: failed to get sgio uid: No such file or directory
I am exploring using of Fluentd for it's various rich input plugins, and then use the remote_syslog output plugin to send the logs to a syslog server (not Fluentd). This works well for files, windows eventlog, http, etc.,
However, for syslogs that are received I want them to be forwarded as-is, that is, I don't want Fluentd to add it's own timestamp, host, program. This is how syslog for syslogs are currently being sent:
<15>May 24 19:49:22 fluentdhost fluentd: May 24 15:49:06 ubuntu42 multipathd[602]: sda: failed to get sgio uid: No such file or directory
I want it to just send the received syslog:
<15>May 24 15:49:06 ubuntu42 multipathd[602]: sda: failed to get sgio uid: No such file or directory
<15>May 24 15:49:06 ubuntu42 multipathd[602]: sda: failed to get sgio uid: No such file or directory
I have not been able to figure this out and did not find much info about it in the Fluentd doc. Is this possible, if so, how?
Thanks.
Sudhin
Riz vaughan
Jun 11, 2021, 4:27:29 AM6/11/21
to Fluentd Google Group
Hi Sudhin,
Have you checked record_transformer plugin? If I have understood your question well, youy would like to remove keys from the logs. This plugin can help you with that. Or, juts filter out the fields you want or make use of (r)syslog template feature.
Have you checked record_transformer plugin? If I have understood your question well, youy would like to remove keys from the logs. This plugin can help you with that. Or, juts filter out the fields you want or make use of (r)syslog template feature.
Reply all
Reply to author
Forward
0 new messages