On Ubuntu bionic, the documentation recommends a script to add a repo and install td-agent:
curl -L https://toolbelt.treasuredata.com/sh/install-ubuntu-bionic-td-agent3.sh | sh
The steps below are based on this documentation.
- Generate an SSL certificate.
- Add the passphrase for the cert to the configuration file.
- Generate a shared key, and put it in the configuration file.
- Put the configuration file into place.
- Put the cert in place.
- Done! You can now start the server.
-
Generate an SSL certificate. Save the passphrase.
openssl req -new -x509 -sha256 -days 1095 -newkey rsa:2048 \ -keyout fluentd.key -out fluentd.crt
-
Add the passphrase for the cert to the configuration file.
sed -e 's/PASSPHRASE_HERE/passphrase_from_above/' server/td-agent.conf
-
Generate a shared key, and put it in the configuration file.
KEY=`head -n 1024 /dev/urandom | base64 | head -1 | tr -cd '[:alnum:]'` # or your favorite random key generator sed -e "s/SHARED_KEY_HERE/$KEY/" server/td-agent.conf
-
Put the configuration file into place.
sudo cp server/td-agent.conf /etc/td-agent/td-agent.conf
-
Put the cert in place.
sudo mkdir /var/run/td-agent sudo mkdir /etc/td-agent/certs sudo mv fluentd.* /etc/td-agent/certs/ sudo chmod 700 /etc/td-agent/certs/ sudo chmod 400 /etc/td-agent/certs/* sudo chown -R td-agent:td-agent /etc/td-agent/certs /var/run/td-agent
-
Done! You can now start the server (scroll down).
sudo service td-agent start
The configuration below sends nginx logs from a service, such as ATST, to the logz server.
Installation is the same as above:
curl -L https://toolbelt.treasuredata.com/sh/install-ubuntu-bionic-td-agent3.sh | sh
# Ensure that td-agent can access log files, e.g.
usermod td-agent -G adm
- Put the shared key on the server in the client configuration.
- Put the same TLS cert that's on the server onto the client.
- That's it! You can start the daemon on the client.
Details:
-
Put the shared key on the server into the client configuration.
KEY= ....the same value from step 3 above... sed -e "s/SHARED_KEY_HERE/$KEY/" client/td-agent.conf
-
Put the same TLS cert on the server onto the client.
# scp fluentd.crt to the client machine, then sudo cp fluentd.crt /etc/td-agent/certs/fluentd.crt
-
That's it! You can start the daemon on the client. (read on)
sudo service td-agent start
This setup collects nginx logs and stores them on the server in
/var/log/td-agent/atat-nginx*.log
. To see it in action, ssh
to logz and type this into a terminal window:
sudo su -
tail -f /var/log/td-agent/atat-nginx*.log
Then somewhere else, try:
curl https://www.atat.codes/?test=12345
and watch as the log entry appears in the logz window.