Azure-Sentinel/DataConnectors/Fluentd-VMSS
dicolanl abcc0ea3de Add loop to wait for extension installs 2021-07-28 16:40:44 +00:00
plugin FluentD-VMSS 2020-03-23 13:22:03 -04:00
FluentD-VMSS-RH-Templatev2.json Add loop to wait for extension installs 2021-07-28 16:40:44 +00:00
FluentD-VMSS-UB-Templatev2.json Add loop to wait for extension installs 2021-07-28 16:40:44 +00:00
README.md Updating Deploy buttons and links part 2 2021-06-16 01:40:49 +00:00
cloudinit-rh.txt Add loop to wait for extension installs 2021-07-28 16:40:44 +00:00
cloudinit-ub.txt Add loop to wait for extension installs 2021-07-28 16:40:44 +00:00
td-agent.conf Update td-agent.conf 2020-04-21 10:08:47 -04:00

README.md

Scalable SYSLOG CEF Collection using FluentD and VMSS

author: Nicholas DiCola

This sample is an ARM template that deploys a Linux (RedHat or Ubuntu) Virtual Machine Scale Set with FluentD installed and a basic config. The FluentD config listens on port 5514 for syslog CEF-formatted messages, looks up GeoIP information for the src and dst IP addresses, and copies the send time to agentRecieptTime. Lastly, it outputs to the local Microsoft Monitoring Agent for ingestion into Azure Sentinel.
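To make the processing steps above concrete, here is an added Python example (not part of this repository or its td-agent.conf) that does the same work on one syslog-wrapped CEF line: it splits the CEF header on unescaped `|`, parses the extension key/value pairs while honouring `\=` and `\\` escapes, enriches `src`/`dst` from a GeoIP lookup, and copies the syslog send time into the CEF `agentReceiptTime` key. The sample message and the GEO_STANDIN table are constructed; a real collector would query GeoLite2-City.mmdb instead of the table.

```python
import re

# Constructed stand-in for GeoLite2-City lookups; a real collector reads GeoLite2-City.mmdb.
GEO_STANDIN = {"198.51.100.7": ("US", "Seattle"), "203.0.113.9": ("DE", "Berlin")}
HEADER_KEYS = ("cef_version", "vendor", "product", "product_version",
               "signature_id", "name", "severity")
SYSLOG_RE = re.compile(r"^<\d+>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<cef>CEF:.*)$")
# Extension: key=value pairs; a value runs until the next " key=" and may contain \= and \\.
EXT_RE = re.compile(r"(?P<key>\w+)=(?P<val>(?:\\.|[^\\=])*?)(?=\s\w+=|$)")

# Constructed sample, as it would arrive on TCP/5514 (syslog header + CEF body).
SAMPLE = (r"<14>Jul 28 16:40:44 fw01 CEF:0|Acme|Firewall|1.0|100|Connection allow\|deny|3|"
          r"src=198.51.100.7 dst=203.0.113.9 msg=user\=bob logged in rt=1627493844000")

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def split_cef(cef):
    """Split the seven header fields on unescaped '|'; return (header_list, raw_extension)."""
    header, cur, i = [], [], 0
    while i < len(cef) and len(header) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):      # keep the escaped char, drop the backslash
            cur.append(cef[i + 1]); i += 2; continue
        if ch == "|":
            header.append("".join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    if len(header) < 7:
        raise ValueError("malformed CEF header")
    header[0] = header[0].split(":", 1)[1]      # "CEF:0" -> "0"
    return header, cef[i:]                      # extension is left raw for EXT_RE

def enrich(syslog_line, geo=GEO_STANDIN):
    """Parse one syslog-wrapped CEF line and apply the GeoIP and receipt-time enrichment."""
    m = SYSLOG_RE.match(syslog_line)
    if not m:
        raise ValueError("not a syslog-wrapped CEF message")
    header, ext = split_cef(m["cef"])
    record = {"hostname": m["host"], **dict(zip(HEADER_KEYS, header))}
    record.update({k: unescape(v) for k, v in EXT_RE.findall(ext)})
    for key in ("src", "dst"):                  # GeoIP enrichment of both endpoints
        if key in record and record[key] in geo:
            record[f"{key}_country"], record[f"{key}_city"] = geo[record[key]]
    record["agentReceiptTime"] = m["ts"]        # copy the syslog send time
    return record

if __name__ == "__main__":
    for k, v in enrich(SAMPLE).items():
        print(f"{k}={v}")
```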

The ARM template will deploy everything needed:

  • Virtual Machine Scale Set
  • Autoscale settings
  • Storage Account
  • Network Security Group
  • Virtual Network
  • Subnet
  • Public IP Address
  • Load Balancer

The ARM template includes the cloud-init files, which run commands on each VM instance when it is deployed.

NOTE: You will need to register for the free GeoLite2 database and provide a URL from which cloud-init can download the database (GeoLite2-City.mmdb). See https://dev.maxmind.com/geoip/geoip2/geolite2/

Deploy RedHat VMSS

Deploy to Azure Deploy to Azure Gov

Deploy Ubuntu VMSS

Deploy to Azure Deploy to Azure Gov