forked from daattali/beautiful-jekyll
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fluent.conf
40 lines (36 loc) · 1.98 KB
/
fluent.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#/var/log/auth.log to Log Analytics Workspace
<source> # define log source
@type tail # input plugin
path /var/log/auth.log # monitoring file
pos_file /tmp/fluentd_access # position file
tag azure-loganalytics.access # tag
<parse> # Define Parse
@type syslog # Parse syslog
message_format rfc3164 # define RFC format for this log source
with_priority false
</parse> # close type definition
</source> # close log source definition
<match azure-loganalytics.access> # define match statement
@type azure-loganalytics # define type
customer_id XXXXXXXXXXXXXXXXXXXXXXXXXXXXX # plugin workspaceID
shared_key XXXXXXXXXXXXXXXXXXXXXXXXXXXXX== # plugin workspace key
log_type auth # <-- this is what the table is named in the workspace
</match> # close match statement
#/var/log/syslog to Log Analytics Workspace
<source> # define log source
@type tail # input plugin
path /var/log/syslog # monitoring file
pos_file /tmp/fluentd_syslog # position file
tag azure-loganalytics.syslog # tag
<parse> # Define Parse
@type syslog # Parse syslog
message_format rfc3164 # define RFC format for this log source
with_priority false
</parse> # close type definition
</source> # close log source definition
<match azure-loganalytics.syslog> # define match statement
@type azure-loganalytics # define type
customer_id XXXXXXXXXXXXXXXXXXXXXXXXXXXXX # plugin workspaceID
shared_key XXXXXXXXXXXXXXXXXXXXXXXXXXXXX== # plugin workspace key
log_type syslog # <-- this is what the table is named in the workspace
</match> # close match statement