Fluentd Notes.md 824 B

Fluentd is distributed by Treasure Data as td-agent, so the service name is td-agent.

systemctl status td-agent

Fluentd is installed on afs-splunk-syslog-1. Fluentd will not start unless the directories specified in the config file exist, so create them and give ownership to the td-agent user:

salt -L 'afs-splunk-syslog-1' cmd.run 'ls -larth /opt/syslog-ng/'
salt -L 'afs-splunk-syslog-1' cmd.run 'mkdir /opt/syslog-ng/zscaler_firewall/'
salt -L 'afs-splunk-syslog-1' cmd.run 'mkdir /opt/syslog-ng/zscaler_dns/'
salt -L 'afs-splunk-syslog-1' cmd.run 'chown td-agent:td-agent /opt/syslog-ng/zscaler_firewall/'
salt -L 'afs-splunk-syslog-1' cmd.run 'chown td-agent:td-agent /opt/syslog-ng/zscaler_dns/'

Folder structure changed! The web logs are now under /opt/syslog-ng/zscaler/web/log/<date>/:

salt -L 'afs-splunk-syslog-1' cmd.run 'tail /opt/syslog-ng/zscaler/web/log/2020-05-26/zscaler_web.2020-05-26T2020_0.log'
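
An added example, not part of the original notes: a shell check that reads the `path` directives from a Fluentd config and reports directories that are missing or not owned by the service user, so it keeps working when the folder layout changes. The config in `demo` is constructed, and treating everything before the first `%` or `$` placeholder component as the directory that must exist is an assumption.

```shell
# Added example: report directories named by `path` directives in a Fluentd
# config that are missing or not owned by the service user (assumed td-agent).
static_dir() (   # directory part of a path, cut at the first %/$ placeholder
    set -f; IFS=/; out=
    for part in ${1%/*}; do          # ${1%/*} drops the file-name prefix
        [ -n "$part" ] || continue
        case $part in *%*|*\$*) break ;; esac
        out="$out/$part"
    done
    printf '%s\n' "${out:-/}"
)

# config_dirs FILE: unique static directories of every `path` directive.
config_dirs() {
    sed -n 's/^[[:space:]]*path[[:space:]]\{1,\}\([^#[:space:]]*\).*/\1/p' "$1" |
        tr -d "\"'" | while IFS= read -r p; do static_dir "$p"; done | sort -u
}

# check_dirs FILE [USER]: print one line per problem, return 1 if any.
check_dirs() (
    user=${2:-td-agent}
    config_dirs "$1" | (
        rc=0
        while IFS= read -r d; do
            [ -d "$d" ] || { echo "MISSING $d"; rc=1; continue; }
            [ "$(ls -ld "$d" | awk '{print $3}')" = "$user" ] || { echo "OWNER $d"; rc=1; }
        done
        exit "$rc"
    )
)

# demo: constructed config whose paths live under a scratch directory.
demo() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/zscaler_dns"
    cat > "$root/td-agent.conf" <<EOF
<match zscaler.dns>
  @type file
  path $root/zscaler_dns/dns
</match>
<match zscaler.web>
  @type file
  path $root/zscaler/web/log/%Y-%m-%d/zscaler_web
</match>
EOF
    check_dirs "$root/td-agent.conf" "$(id -un)" || :
    rm -rf "$root"
)
demo
```

On the host, `check_dirs` would be pointed at the real config file with `td-agent` as the user; a non-zero return means at least one directory still needs `mkdir` or `chown`.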