diff --git a/cluster-conf/prod/us-west-2/graylog/21-fluentd-mozdef-configmap.yml b/cluster-conf/prod/us-west-2/graylog/21-fluentd-mozdef-configmap.yml
new file mode 100644
index 000000000..d860536a8
--- /dev/null
+++ b/cluster-conf/prod/us-west-2/graylog/21-fluentd-mozdef-configmap.yml
@@ -0,0 +1,26 @@
+kind: ConfigMap
+metadata:
+ name: fluentd-extra-conf
+ namespace: logging
+apiVersion: v1
+data:
+ audisp-json.conf: |+
+
+ @type tail
+ @id in_tail_audisp-json
+ path /var/log/audisp-json.log
+ pos_file /var/log/audisp-json.log.pos
+ tag audisp-json
+ read_from_head true
+
+ @type none
+
+
+ @type concat
+ key audisp-json
+ multiline_start_regexp /^\{/
+ multiline_end_regexp /^\{/
+ #time_format %Y-%m-%dT%H:%M:%S+%z
+
+
+
diff --git a/cluster-conf/prod/us-west-2/graylog/21-fluentd-mozdef.yml b/cluster-conf/prod/us-west-2/graylog/21-fluentd-mozdef.yml
index cc1b2980b..90fc653d2 100644
--- a/cluster-conf/prod/us-west-2/graylog/21-fluentd-mozdef.yml
+++ b/cluster-conf/prod/us-west-2/graylog/21-fluentd-mozdef.yml
@@ -22,7 +22,7 @@ spec:
 serviceAccountName: fluentd
 containers:
 - name: fluentd
- image: thesmoothoperator/v1.3-fluent-plugin-sns:3.2.5
+ image: itsre/fluentd-k8s-mozdef:1.0
 imagePullPolicy: Always
 env:
 - name: FLUENT_UID
@@ -32,6 +32,7 @@ spec:
 resources:
 limits:
 memory: 200Mi
+ cpu: 500m
 requests:
 cpu: 100m
 memory: 200Mi
@@ -41,6 +42,9 @@ spec:
 - name: varlibdockercontainers
 mountPath: /var/lib/docker/containers
 readOnly: true
+ - name: extra-conf
+ mountPath: /fluentd/etc/conf.d
+ readOnly: true
 terminationGracePeriodSeconds: 30
 volumes:
 - name: varlog
@@ -49,3 +53,7 @@ spec:
 - name: varlibdockercontainers
 hostPath:
 path: /var/lib/docker/containers
+ - name: extra-conf
+ configMap:
+ name: fluentd-extra-conf
+
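Review bot: `key audisp-json` in the concat filter names a field the record is unlikely to carry: the tail source's `@type none` parser stores each line under `message` unless `message_key` is set, so the filter looks for a field named after the tag rather than the line text and the concatenation never happens. With `multiline_start_regexp` and `multiline_end_regexp` both set to `/^\{/`, every line that begins with `{` is simultaneously a start and an end, so for one-object-per-line audisp-json output the concat stage is a no-op and for pretty-printed objects the end pattern would need to match the closing brace instead. Because the parser is `none` and `time_format` is commented out, events are stamped with fluentd's read time rather than the audit event time, which distorts any forensic timeline built from these records; parsing with `@type json` plus `time_key`/`time_format` would preserve the original timestamp and hand structured fields downstream. The source/filter directive wrappers are not visible in this extraction, so the block boundaries above are assumed, and `pos_file /var/log/audisp-json.log.pos` writes into the host log directory, which only works if the `varlog` mount is not read-only — confirm against the DaemonSet.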
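Review bot: `image: itsre/fluentd-k8s-mozdef:1.0` pins only a mutable tag, and the adjacent `imagePullPolicy: Always` means every pod restart re-resolves it, so a retag in the registry would silently change the binary running on every production node in this DaemonSet. Since this container presumably reads host audit logs through the `varlog` volume, prefer an immutable reference such as `image: itsre/fluentd-k8s-mozdef:1.0@sha256:<DIGEST-PLACEHOLDER>` (or enforce digest pinning through admission policy) and note the resolved digest in the commit message. The `1.0` tag also drops the patch-level precision the previous `3.2.5` tag carried, which makes it harder to tell from the manifest which build is deployed. The containers list continues outside the hunk.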
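Review bot: Mounting the ConfigMap at `/fluentd/etc/conf.d` (and the matching `extra-conf` volume in the last hunk) only takes effect if the image's main `fluent.conf` includes that directory, for example via `@include conf.d/*.conf`, which nothing in this change shows; if the new `itsre/fluentd-k8s-mozdef:1.0` image does not, the audisp-json source is silently never loaded and the audit feed is absent without any deployment error. A comment beside the mount such as `# loaded through the @include of conf.d/*.conf in the image's fluent.conf` would make the dependency explicit, and a startup check on the fluentd log for the `in_tail_audisp-json` plugin id would detect the miss. `readOnly: true` on the mount is appropriate. The volumeMounts list begins outside the hunk.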