This role installs/configures Fluentd server (no ssl) with elasticsearch plugin and as a syslog source. It increases file descriptors and modifies kernel parameters per Fluentd documentation.
It coul be used with elastic.elasticsearch role. It doesn't handle firewall rules-
RedHat/CentOS distribution.
Change fluentd_syslog_bind_address
to the logging server IP or 0.0.0.0/0 in order to receive syslog data from other systems.
Default values (defaults/main.yml
):
# defaults file for fluentd
## Syslog ip and port to listen for
fluentd_syslog_bind_address: 127.0.0.1
fluentd_syslog_port: 5140
## Forward port to listen for
fluentd_forward_port: 24224
## Debug port to listen for
fluentd_debug_port: 24230
## Elastic host and index
fluentd_elasticsearch_host: localhost
fluentd_elasticsearch_port: 9200
fluentd_elasticsearch_index: fluentd
fluentd_elasticsearch_type: fluentd
## Rsyslog config dir
rsyslog_config_dir: /etc/rsyslog.d
To install Fluentd server:
- name: Install fluentd
hosts: logging
become: yes
roles:
- { role: jobcespedes.ansible_role_fluentd, tags: ["fluentd"] }
To configure rsyslog in other system machines for centralized logging
# Centralized rsyslog logging
- name: Centralized rsyslog logging
hosts: all:!logging
become: yes
tags: rsyslogd-to-fluentd
handlers:
- name: restart rsyslogd
service:
name: rsyslog
state: restarted
tasks:
- name: Install fluentd rsyslog config
blockinfile:
dest: '{{ rsyslog_config_dir }}/fluentd.conf'
create: yes
state: present
block: |
$ActionQueueFileName fwdFluentd1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*.* @{{ fluentd_syslog_address }}:{{ fluentd_syslog_port }}
notify: restart rsyslogd
Apache License, Version 2.0
Job Cespedes: [email protected]