Fluentbit syslog input tls

From UVOO Tech Wiki
Jump to navigation Jump to search

You can easily test the syslog using simple bash script.

You can create a test log with Ubuntu/Debian using gnutls-cli

Install 

sudo apt-get install gnutls-bin

sendTLSLog.sh 

ts=$(date "+%b %d %T")
echo "<142>$ts $HOSTNAME test: this is a test on test $RANDOM." | \
    gnutls-cli log.example.com --port=6514 --x509cafile=./root.ca.crt

Send log 

bash sendTLSLog.sh

Here is a config snippet example below. 

    [OUTPUT]
        Name      stdout
        Match     syslog.6514.tcp

    [INPUT]
        Name     syslog
        Parser   syslog-rfc3164
        Tag    syslog.6514.tcp
        Listen   0.0.0.0
        Port     6514
        Mode     tcp
        tls.verify no
        tls on
        tls.crt_file /app/certs/log.example.com.crt
        tls.key_file /app/certs/log.example.com.key

You may see some errors like [2023/06/24 22:25:44] [error] [tls] error: unexpected EOF But those are commonly tcp health probes from loadbalancer, liveness probes or other health checks. You can look at modifying or disabling these probes if you want.

Retrieved from "https://tech.uvoo.io/index.php?title=Fluentbit_syslog_input_tls&oldid=4334"