2

We have an application deployed on AWS EKS cluster, which has a requirement of sending the application error messages to a syslog server.

Our default logs shipper is Fluent Bit, deployed as a Daemonset in the AWS EKS cluster.

Going over the official documentation of Fluent Bit, There is an option for a Syslog input, which allows to collect Syslog messages through a Unix socket server (UDP or TCP) or over the network using TCP or UDP.

But looking over the example in official documentation:

[SERVICE]
    Flush               1
    Log_Level           info
    Parsers_File        parsers.conf

[INPUT]
    Name                syslog
    Path                /tmp/in_syslog
    Buffer_Chunk_Size   32000
    Buffer_Max_Size     64000
    Receive_Buffer_Size 512000


[OUTPUT]
    Name   stdout
    Match  *

It seems that Fluent Bit, Can't receive any Syslog traps (like for example: Kiwi Server), but only performs a tail action, on the Syslog log file (in the example: /tmp/in_syslog).

Did I correctly understand the official documentation?

edwio
  • 121

2 Answers2

2

It seems you can use Syslog input plugin to configure Fluent Bit to collect Syslog messages through a Unix socket or TCP/UDP socket. Please scroll down in the documentation to see other examples than the file parsing one.

Look at these options:

Parser   syslog-rfc3164
Listen   0.0.0.0
Port     5140
Mircea Vutcovici
  • 19,011
1

It seems that Fluent Bit, Can't receive any Syslog [..] but only performs a tail action [..]

Did I correctly understand the official documentation?

Nope. As Mircea Vutcovici wrote you do can have Fluent Bit listen to a tcp/udp port and have it act as a syslog server. It is explained in the docs, though I had to add a parser line so rfc3164 is used instead of the default rfc5424. And the doc shows an example for tcp, but it seems udp is more common which I had to use.

https://docs.fluentbit.io/manual/pipeline/inputs/syslog#rsyslog_to_fluentbit_network

Fluent Bit can even forward those syslog messages to another (e.g. cloud) server. Especially handy if the server needs some form of authentication which syslog does not has built in.

Gos Bilgon
  • 11
  • 1