Forward is the protocol used by Fluentd to route messages between peers. The forward output plugin provides interoperability between Calyptia Calyptia Fluent Bit and Fluentd. There are no configuration steps required besides specifying where Fluentd is located, which can be a local or a remote destination.
This plugin offers two different transports and modes:
Forward (TCP): It uses a plain TCP connection.
Secure Forward (TLS): when TLS is enabled, the plugin switch to Secure Forward mode.
Configuration Parameters
The following parameters are mandatory for either Forward for Secure Forward modes:
Key
Description
Default
Host
Target host where Fluent-Bit or Fluentd are listening for Forward messages.
127.0.0.1
Port
TCP Port of the target service.
24224
Time_as_Integer
Set timestamps in integer format, it enable compatibility mode for Fluentd v0.12 series.
False
Upstream
Unix_Path
Specify the path to unix socket to send a Forward message. If set, Upstream is ignored.
Tag
Overwrite the tag as we transmit. This allows the receiving pipeline start fresh, or to attribute source.
Send_options
Always send options (with "size"=count of messages)
False
Require_ack_response
Send "chunk"-option and wait for "ack" response from server. Enables at-least-once and receiving server can control rate of traffic. (Requires Fluentd v0.14.0+ server)
False
Compress
Workers
Enables dedicated thread(s) for this output. Default value is set since version 1.8.13. For previous versions is 0.
2
Secure Forward Mode Configuration Parameters
When using Secure Forward mode, the TLS mode requires to be enabled. The following additional configuration parameters are available:
Key
Description
Default
Shared_Key
A key string known by the remote Fluentd used for authorization.
Empty_Shared_Key
Use this option to connect to Fluentd with a zero-length secret.
False
Username
Specify the username to present to a Fluentd server that enables user_auth.
Password
Specify the password corresponding to the username.
Self_Hostname
Default value of the auto-generated certificate common name (CN).
localhost
tls
Enable or disable TLS support
Off
tls.verify
Force certificate validation
On
tls.debug
Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose
1
tls.ca_file
Absolute path to CA certificate file
tls.crt_file
Absolute path to Certificate file.
tls.key_file
Absolute path to private Key file.
tls.key_passwd
Optional password for tls.key_file file.
Forward Setup
Before proceeding, make sure that Fluentd is installed, if it's not the case please refer to the following Fluentd Installation document and go ahead with that.
Once Fluentd is installed, create the following configuration file example that will allow us to stream data into it:
<source>
type forward
bind 0.0.0.0
port 24224
</source>
<match fluent_bit>
type stdout
</match>
That configuration file specifies that it will listen for TCP connections on the port 24224 through the forward input type. Then for every message with a fluent_bitTAG, will print the message to the standard output.
In one terminal launch Fluentd specifying the new configuration file created:
$fluentd-ctest.conf2017-03-2311:50:43-0600 [info]: reading config file path="test.conf"2017-03-2311:50:43-0600 [info]: starting fluentd-0.12.332017-03-2311:50:43-0600 [info]: gem 'fluent-mixin-config-placeholders' version '0.3.1'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-docker' version '0.1.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-elasticsearch' version '1.4.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-flatten-hash' version '0.2.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-flowcounter-simple' version '0.0.4'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-influxdb' version '0.2.8'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-json-in-json' version '0.1.4'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-mongo' version '0.7.10'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-out-http' version '0.1.3'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-parser' version '0.6.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-record-reformer' version '0.7.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-rewrite-tag-filter' version '1.5.1'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-stdin' version '0.1.1'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-td' version '0.10.27'2017-03-2311:50:43-0600 [info]: adding match pattern="fluent_bit" type="stdout"2017-03-2311:50:43-0600 [info]: adding source type="forward"2017-03-2311:50:43-0600 [info]: using configuration file: <ROOT><source>typeforwardbind0.0.0.0port24224</source><matchfluent_bit>typestdout</match></ROOT>2017-03-2311:50:43-0600 [info]: listening fluent socket on 0.0.0.0:24224
Calyptia Fluent Bit + Forward Setup
Now that Fluentd is ready to receive messages, we need to specify where the forward output plugin will flush the information using the following format:
So we gathered CPU metrics and flushed them out to Fluentd properly.
Calyptia Fluent Bit + Secure Forward Setup
DISCLAIMER: the following example does not consider the generation of certificates for best practice on production environments.
Secure Forward aims to provide a secure channel of communication with the remote Fluentd service using TLS.
Calyptia Fluent Bit
Paste this content in a file called flb.conf:
[SERVICE]
Flush 5
Daemon off
Log_Level info
[INPUT]
Name cpu
Tag cpu_usage
[OUTPUT]
Name forward
Match *
Host 127.0.0.1
Port 24284
Shared_Key secret
Self_Hostname flb.local
tls on
tls.verify off
If Forward will connect to an Upstream instead of a simple host, this property defines the absolute path for the Upstream configuration file, for more details about this refer to the documentation section.
Set to "gzip" to enable gzip compression. Incompatible with Time_as_Integer=True and tags set dynamically using the filter. (Requires Fluentd v0.14.7+ server)