FluentD installation on Windows VM
Step 1:- Install FluentD package
Download the latest MSI installer from the download link: https://td-agent-package-browser.herokuapp.com/5/windows
Step 2:- Open C:/opt/fluent/etc/fluent/fluentd.conf with a text editor. The .conf file below has the configuration for sending the event logs to the targeted event hub. Update the .conf file according to your requirements, as below:
<source>
  @type tail
  tag winevt.raw
  # Talend log file location, multiple paths can be added.
  # Note:- please escape forward slash
  path Z:/\omms_ncdev/\OMMS/\NC/\DataConversion/\FileLoad/\LOGS/\NC*
  # Position file location
  pos_file C:/\pos/\fluent.log.pos
  read_from_head true
  <parse>
    @type none
  </parse>
</source>
<match winevt.raw>
  @type copy
  <store>
    @type kafka2
    # list of seed brokers, port 9093 is used by Kafka
    # add event hub namespace name as brokers
    brokers evhn-cl-t0-inspt-ceus-510.servicebus.windows.net:9093
    use_event_time true
    # buffer settings
    <buffer>
      @type file
      # location for log chunks to store temporarily
      path C:/\opt/\fluent/\buffer/\vmlogs
      flush_interval 5s
      flush_thread_count 2
      chunk_limit_size 1M
    </buffer>
    # topic settings
    # Event hub name inside event hub namespace.
    default_topic application-logs
    <format>
      @type json
    </format>
    # producer settings
    max_send_retries 1
    required_acks -1
    # using default OS certs for SSL
    ssl_ca_certs_from_system true
    # Event Hub credentials (masked here)
    username *****************
    password *****************
  </store>
  # second copy of each record, printed to the fluentd console
  <store>
    @type stdout
  </store>
</match>
Step 3:- Launch Fluent Package Command Prompt with Administrator privilege
Step 4:- Run fluentd
Type the following command into Fluent Package Command Prompt with Administrator privilege:
C:\opt\fluent> fluentd
Now fluentd starts collecting logs from the given location and those logs will be pushed to the targeted event hub.
Step 5:- After that, check that the logs are showing in the event hub metrics and then in the respective Log Analytics workspace.
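
A check for the Step 2 configuration, added here as an example and not part of the original page or of Fluentd: a small Ruby script that parses the config and flags a `password` written as a literal, a kafka2 store with no CA source for TLS, brokers not on port 9093, and the `stdout` copy of every record. The sample config, its placeholder values, the finding texts and the convention of reading the secret through `"#{ENV[...]}"` are assumptions of this example.

```ruby
# Added example: audit a fluentd.conf like Step 2's (not Fluentd's own code).
# Collect the parameters of every <section> ... </section>, nested ones included.
def parse_sections(text)
  all = []
  stack = [{}] # stack[0] holds top-level parameters
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if line.match?(%r{\A</\w+>\z})
      stack.pop if stack.size > 1
    elsif line.match?(/\A<\w+[^>]*>\z/)
      stack << {}
      all << stack.last
    else
      key, value = line.split(/\s+/, 2)
      stack.last[key] = value.to_s
    end
  end
  all
end

# Return one finding string per setting worth reviewing.
def audit(text)
  parse_sections(text).flat_map do |prm|
    next ['stdout: records are also copied to the console'] if prm['@type'] == 'stdout'
    next [] unless prm['@type'] == 'kafka2'
    ports_ok = prm['brokers'].to_s.split(',').all? { |b| b.strip.end_with?(':9093') }
    tls = prm['ssl_ca_certs_from_system'] == 'true' || prm.key?('ssl_ca_cert')
    [('kafka2: password stored as a literal' if prm.key?('password') && !prm['password'].include?('#{ENV[')),
     ('kafka2: no CA source set for TLS' unless tls),
     ('kafka2: broker not on port 9093' unless ports_ok)].compact
  end
end

# Constructed sample (placeholder namespace and secret, not real values).
SAMPLE = <<~'CONF'
  <match winevt.raw>
    @type copy
    <store>
      @type kafka2
      brokers example-namespace.servicebus.windows.net:9093
      ssl_ca_certs_from_system true
      password placeholder-secret
    </store>
    <store>
      @type stdout
    </store>
  </match>
CONF
```

To check the real file, call `audit(File.read('C:/opt/fluent/etc/fluent/fluentd.conf'))` and review each returned finding.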