FluentD Output & Formatter Plugins: SyslogSEKOIA
This plugin is HEAVILY based on the work done on https://github.com/cloudfoundry/fluent-plugin-syslog_rfc5424
Formatter plugin adheres to RFC5424.
Output plugin adheres to RFC6587 and RFC5424.
Installation
Add this line to your application's Gemfile:
gem 'fluent-plugin-sekoia'
And then execute:
$ bundle
Or install it yourself as:
$ gem install fluent-plugin-sekoia
Output Usage
<match **>
@type sekoia
<buffer>
@type memory
flush_interval 10s
</buffer>
</match>
Configuration
| name | type | description |
|---|---|---|
| host | string | syslog target host (default: intake.sekoia.io) |
| port | integer | syslog target port (default: 10514) |
| transport | string | transport protocol (tls [default], udp, or tcp) |
| insecure | boolean | skip ssl validation |
| trusted_ca_path | string | file path to ca to trust |
Format Section
Defaults to sekoia
| name | type | description |
|---|---|---|
| rfc6587_message_size | boolean | prepends message length for syslog transmission (true by default) |
| app_name_field | string | sets app name in syslog from field in fluentd, delimited by '.' (default kubernetes.labels.app) |
| proc_id_field | string | sets proc id in syslog from field in fluentd, delimited by '.' (default kubernete.pod_name) |
| intake_key_field | string | sets intake_key in structured data for sekoia.io. delimited by '.' (default kubernetes.annotations.sekoia-io-intake-key) |
Formatter Usage
<match **>
@type sekoia
<format>
@type sekoia
app_name_field example.custom_field_1
intake_key_field kubernetes.annotations.custom-annotation-that-contains-intake-key
</format>
</match>
Development
After checking out the repo, run bundle install to install dependencies. Then, run bundle exec rake to run the tests. You can also run bundle console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install.
To release a new version,
- update the version number in
fluent-plugin-sekoia.gemspec, - download latest sekoia.io certificate
make download - then run
bundle exec rake release, which will create a git tag for the version, - push git commits and tags
- push the
.gemfile to rubygems.org.
Using the dev docker environment
Run the command make dev to start a docker with the current folder mounted in the docker. Then use the following commands to start the tests at each code modifications:
bundle install
find . | entr -s 'bundle exec rake'
Publishing
- Run tests
bundle exec rake - Download latest sekoia.io certificate
make download - Push changes
- Create & push git tag with version
- Change version in
.gemspec - Build gem
gem build fluent-plugin-sekoia - Push
.gemfile to rubygemsgem push pkg/fluent-plugin-sekoia-io-0.0.1