in_forward: Add descrioptions for secure forward related parameters (#…

…1354) * in_forward: Add descrioptions for secure forward related parameters To work as secure forward connection, there are a few parameters to be needed to specify: * shared_key * self_hostname * security.users Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io> * Update pipeline/inputs/forward.md Co-authored-by: José Lecaros <lecaros@calyptia.com> Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io> * in_forward: Add an example for secure forward protocol without TLS Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io> --------- Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io> Co-authored-by: José Lecaros <lecaros@calyptia.com>
fluent · Apr 19, 2024 · 4c620f2 · 4c620f2
1 parent 8a615cc
commit 4c620f2
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/pipeline/inputs/forward.md b/pipeline/inputs/forward.md
@@ -17,6 +17,9 @@ The plugin supports the following configuration parameters:
 | Buffer\_Chunk\_Size | By default the buffer to store the incoming Forward messages, do not allocate the maximum memory allowed, instead it allocate memory when is required. The rounds of allocations are set by _Buffer\_Chunk\_Size_. The value must be according to the [Unit Size ](../../administration/configuring-fluent-bit/unit-sizes.md)specification. | 1024000 |
 | Tag_Prefix          | Prefix incoming tag with the defined value.|  |
 | Tag                 | Override the tag of the forwarded events with the defined value.|  |
+| Shared\_Key         | Shared key for secure forward authentication. |  |
+| Self\_Hostname      | Hostname for secure forward authentication.   |  |
+| Security.Users      | Specify the username and password pairs for secure forward authentication. | |
 
 ## Getting Started
 
@@ -74,6 +77,51 @@ pipeline:
 {% endtab %}
 {% endtabs %}
 
+## Fluent Bit + Secure Forward Setup
+
+Since Fluent Bit v3, in\_forward can handle secure forward protocol.
+
+For using user-password authentication, it needs to specify `secutiry.users` at least an one-pair.
+For using shared key, it needs to specify `shared_key` in both of forward output and forward input.
+`self_hostname` is not able to specify with the same hostname between fluent servers and clients.
+
+{% tabs %}
+{% tab title="fluent-bit-secure-forward.conf" %}
+```python
+[INPUT]
+    Name              forward
+    Listen            0.0.0.0
+    Port              24224
+    Buffer_Chunk_Size 1M
+    Buffer_Max_Size   6M
+    Security.Users fluentbit changeme
+    Shared_Key secret
+    Self_Hostname flb.server.local
+
+[OUTPUT]
+    Name   stdout
+    Match  *
+```
+{% endtab %}
+
+{% tab title="fluent-bit-secure-forward.yaml" %}
+```yaml
+pipeline:
+    inputs:
+        - name: forward
+          listen: 0.0.0.0
+          port: 24224
+          buffer_chunk_size: 1M
+          buffer_max_size: 6M
+          security.users: fluentbit changeme
+          shared_key: secret
+          self_hostname: flb.server.local
+    outputs:
+        - name: stdout
+          match: '*'
+```
+{% endtab %}
+{% endtabs %}
 
 ## Testing