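<#
.SYNOPSIS
Writes the td-agent (fluentd) configuration that forwards Windows event logs to a central fluentd server.
.DESCRIPTION
Generates a td-agent.conf that reads the application, system and security
event log channels, copies each record's DescriptionTitle into a `message`
field, and forwards the records to the given server (every record is also
copied to stdout). The file is written to the default td-agent configuration
path unless -ConfigPath is given.
This function only writes the configuration; it does not download, install
or restart td-agent.
.PARAMETER Server
The IP or FQDN of the fluentd server to forward the events to. A blank value
is rejected because it would produce an unusable `host` entry.
.PARAMETER Servername
The display name used for the <server> entry; defaults to the value of -Server.
.PARAMETER Tag
The fluentd tag applied to collected events (defaults to winevt.raw).
.PARAMETER Port
The TCP port of the fluentd server, 1-65535 (defaults to 443).
.PARAMETER ConfigPath
Where to write the configuration (defaults to C:\opt\td-agent\etc\td-agent\td-agent.conf).
.EXAMPLE
Set-FluentdConfig -Server logs.example.com -Port 7777
.OUTPUTS
None. The configuration file is written to disk.
#>
function Set-FluentdConfig {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter()]
        [string]$Server,
        [string]$Servername,
        [string]$Tag = 'winevt.raw',
        [ValidateRange(1, 65535)]
        [int]$Port = 443,
        [string]$ConfigPath = 'C:\opt\td-agent\etc\td-agent\td-agent.conf'
    )

    # An omitted or blank server would be interpolated into an empty `host`
    # line that td-agent only rejects at start-up; fail early instead.
    if ([string]::IsNullOrWhiteSpace($Server)) {
        throw 'Set-FluentdConfig: -Server must be a non-empty IP address or FQDN.'
    }

    # The <server> name falls back to the host when no friendly name is given.
    $nodeName = if ([string]::IsNullOrWhiteSpace($Servername)) { $Server } else { $Servername }

    # NOTE(review): the forward <store> sets no `transport tls`, so records
    # (including the security channel) leave the host in cleartext even though
    # the default port is 443; enable TLS on both ends before forwarding across
    # an untrusted network.
    # NOTE(review): the stdout <store> duplicates every event into the local
    # td-agent log; it is useful while validating the pipeline but doubles the
    # local footprint of security events.
    # The here-string expands $Tag/$nodeName/$Server/$Port; the record_transformer
    # placeholder is backtick-escaped so fluentd receives it literally.
    $configFileBaseline = @"
#==============================================================================
# FluentD (aka td-agent) - Azusa Pacific University
#==============================================================================
#--------------------------------------
# INPUT PLUGINS
#--------------------------------------
<source>
@type windows_eventlog2
@id windows_eventlog2
channels application,system,security
read_existing_events false
parse_description true
read_interval 2
tag $Tag
rate_limit 300
<storage>
persistent true
path C:\opt\td-agent\winevt.pos
</storage>
<subscribe>
channels application,system,security
read_existing_events false
</subscribe>
</source>
#--------------------------------------
# FILTER PLUGIN
#--------------------------------------
# This is used to ensure compatibility with elasticsearch and graylog.
<filter **>
@type record_transformer
<record>
message `${record["DescriptionTitle"]}
</record>
</filter>
#--------------------------------------
# OUTPUT PLUGINS
#--------------------------------------
## Forward to central fluent aggregator
<match **>
@type copy
<store>
@type stdout
</store>
<store>
@type forward
send_timeout 5s
recover_wait 10s
heartbeat_interval 1s
phi_threshold 16
hard_timeout 60s
<server>
name $nodeName
host $Server
port $Port
</server>
<secondary>
@type file
path C:/opt/td-agent/forward-failed
</secondary>
<buffer>
@type file
path C:/opt/td-agent/fluent.general
flush_interval 10s
</buffer>
</store>
</match>
"@

    # Out-File -Force overwrites a read-only file but does not create a
    # missing parent directory, so create it first.
    $configDir = Split-Path -Path $ConfigPath -Parent
    if ($configDir -and -not (Test-Path -LiteralPath $configDir)) {
        New-Item -ItemType Directory -Path $configDir -Force | Out-Null
    }

    if ($PSCmdlet.ShouldProcess($ConfigPath, 'Write td-agent configuration')) {
        # NOTE(review): Windows PowerShell 5.1 emits a UTF-8 BOM with
        # -Encoding utf8 (PowerShell 7 does not); confirm td-agent's parser
        # tolerates it on the target hosts.
        Out-File -Encoding utf8 -Force -FilePath $ConfigPath -InputObject $configFileBaseline
    }
}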