## CLO GENERATED CONFIGURATION ###
# This file is a copy of the fluentd configuration entrypoint
# which should normally be supplied in a configmap.
log_level "#{ENV['LOG_LEVEL'] || 'warn'}"
# Prometheus Monitoring
@type prometheus
bind "[::]"
cert_path /etc/collector/metrics/tls.crt
private_key_path /etc/collector/metrics/tls.key
@type prometheus_monitor
hostname ${hostname}
# excluding prometheus_tail_monitor
# since it leaks namespace/pod info
# via file paths
# tail_monitor plugin which publishes log_collected_bytes_total
@type collected_tail_monitor
hostname ${hostname}
# This is considered experimental by the repo
@type prometheus_output_monitor
hostname ${hostname}
# Logs from linux journal
@type systemd
@id systemd-input
@label @INGRESS
path '/var/log/journal'
@type local
persistent true
# NOTE: if this does not end in .json, fluentd will think it
# is the name of a directory - see fluentd storage_local.rb
path '/var/lib/fluentd/pos/journal_pos.json'
matches "#{ENV['JOURNAL_FILTERS_JSON'] || '[]'}"
tag journal
read_from_head "#{if (val = ENV.fetch('JOURNAL_READ_FROM_HEAD','')) && (val.length > 0); val; else 'false'; end}"
# Logs from containers (including openshift containers)
@type tail
@id container-input
path "/var/log/pods/*/*/*.log"
exclude_path ["/var/log/pods/openshift-logging_collector-*/*/*.log", "/var/log/pods/openshift-logging_elasticsearch-*/*/*.log", "/var/log/pods/openshift-logging_kibana-*/*/*.log", "/var/log/pods/*/*/*.gz", "/var/log/pods/*/*/*.tmp"]
pos_file "/var/lib/fluentd/pos/es-containers.log.pos"
follow_inodes true
refresh_interval 5
rotate_wait 5
tag kubernetes.*
read_from_head "true"
skip_refresh_on_startup true
@label @CONCAT
@type regexp
expression /^(?<@timestamp>[^\s]+) (?stdout|stderr) (?[F|P]) (?.*)$/
time_key '@timestamp'
keep_time_key true
# linux audit logs
@type tail
@id audit-input
@label @INGRESS
path "/var/log/audit/audit.log"
pos_file "/var/lib/fluentd/pos/audit.log.pos"
follow_inodes true
tag linux-audit.log
@type viaq_host_audit
# k8s audit logs
@type tail
@id k8s-audit-input
@label @INGRESS
path "/var/log/kube-apiserver/audit.log"
pos_file "/var/lib/fluentd/pos/kube-apiserver.audit.log.pos"
follow_inodes true
tag k8s-audit.log
@type json
time_key requestReceivedTimestamp
# In case folks want to parse based on the requestReceivedTimestamp key
keep_time_key true
time_format %Y-%m-%dT%H:%M:%S.%N%z
# Openshift audit logs
@type tail
@id openshift-audit-input
@label @INGRESS
path /var/log/oauth-apiserver/audit.log,/var/log/openshift-apiserver/audit.log
pos_file /var/lib/fluentd/pos/oauth-apiserver.audit.log
follow_inodes true
tag openshift-audit.log
@type json
time_key requestReceivedTimestamp
# In case folks want to parse based on the requestReceivedTimestamp key
keep_time_key true
time_format %Y-%m-%dT%H:%M:%S.%N%z
# Openshift Virtual Network (OVN) audit logs
@type tail
@id ovn-audit-input
@label @INGRESS
path "/var/log/ovn/acl-audit-log.log"
pos_file "/var/lib/fluentd/pos/acl-audit-log.pos"
follow_inodes true
tag ovn-audit.log
refresh_interval 5
rotate_wait 5
read_from_head true
@type none
# Concat log lines of container logs, and send to INGRESS pipeline
# Ingress pipeline
# Sending application source type to pipeline
# Sending infrastructure source type to pipeline
# Sending audit source type to pipeline
# Copying pipeline forward-app to outputs
# Copying pipeline forward-infra-audit to outputs
# Ship logs to specific outputs