Using Fluentd as an image makes it simple to deploy a quick input logging solution for functions such as Syslogs, HTTP, custom UDP and TCP use cases, SNMP, along with many other functions. The Fluentd team has put together a great set of documents to help you get their basic configuration setup. After that, you will want to get your logs flowing into New Relic Logs to create alerts and monitor your systems.
If you are able to use the Fluentd image directly, it is really simple build on that image and add the New Relic Fluentd Output Plugin. The below set of steps assumes you have some basic understanding of building a Docker image.
It doesn't take much to get the New Relic Output Plugin into a docker image. Here is a good example from Docker on how best to create an image, LINK.
We have an example Docker file in this folder which can be used to get moving quickly.
The build process is simple and will register a newly created image in your local Docker repository. If you want to use this image for multiple machines, you will need to publish the image to a location you can access.
# Run this command in the same directory as the Docker file or point to its location
docker build --tag nr-fluent:latest nri-fluentd .
# Run this command to verify the image was created
docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nr-fluent latest 70c388b63afc 1 minute ago 44.9MBThe next steps assume that you have already created a fluentd.conf file with is ready to being monitoring. If you haven't, you must do so before you continue.
In the following example can be used if you are going to run a syslog server on the image.
# Notice that the syntax for exposing the UDP port is a bit different
# In testing, it appeared that trying to map the UDP port to from a different one configured in the Fluentd config file didn't work as expected
docker run -d --name "syslog" -p 0.0.0.0:5140:5140/udp -p 0.0.0.0:5142:5142/udp -v /etc/fluentd:/fluentd/etc -e FLUENTD_CONF=fluentd.conf nr-fluent:latestIn the below example, we are going to create a fluentd.conf which will enable a syslog server. It is a good idea to determine if your syslog server is going
to connect to this service using UDP or TCP. By default, most syslog servers will likely use UDP. In the below example, I am setting up two syslog listeners for
Ubiquiti Edgemax router and the Unifi Security Gateway and Access points.
Below, I have chosen /etc/fluentd/ as my directory.
# Make the directory
sudo mkdir /etc/fluentd
# Edit the file
sudo nano /etc/fluentd/fluentd.conf2. Add the contents from the syslog/fluentd.conf
You can find the contents of the syslog/fluentd.conf in the sub folder syslog. These contents should provide a quick start to getting started. In the provided
example, the syslog details are coming from the above mentioned devices. You may need to tweak the configuration according to the server sending the syslog traffic.
That is all it should take to get a new stream of logs coming from those devices.