99 строки
2.8 KiB
Markdown
99 строки
2.8 KiB
Markdown
# fluent-plugin-azuremonitorlog, a plugin for [Fluentd](http://fluentd.org)
|
|
## Overview
|
|
|
|
[Azure Monitor log](https://docs.microsoft.com/en-us/rest/api/monitor/ActivityLogs/List) input plugin.
|
|
|
|
This plugin gets the monitor activity logs from Azure Monitor API to fluentd.
|
|
|
|
## Installation
|
|
|
|
To use this plugin, you need to have Azure Service Principal.<br/>
|
|
Create an Azure Service Principal through [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?toc=%2fazure%2fazure-resource-manager%2ftoc.json) or [Azure portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal).
|
|
|
|
Install plugin from RubyGems:
|
|
```
|
|
$ gem install fluent-plugin-azuremonitorlog
|
|
```
|
|
|
|
## Configuration
|
|
|
|
```config
|
|
<source>
|
|
@type azuremonitorlog
|
|
tag azuremonitorlog
|
|
tenant_id [Azure_Tenant_ID]
|
|
subscription_id [Azure_Subscription_Id]
|
|
client_id [Azure_Client_Id]
|
|
client_secret [Azure_Client_Secret]
|
|
|
|
select [selected fields to query]
|
|
filter [filter the query query] (default: eventChannels eq 'Admin, Operation')
|
|
interval [interval in seconds] (default: 300)
|
|
api_version [api version] (default: 2015-04-01)
|
|
</source>
|
|
```
|
|
|
|
Documentation for select and filter can be found [here](https://docs.microsoft.com/en-us/rest/api/monitor/ActivityLogs/List#activitylogs_list_uri_parameters)
|
|
|
|
### Example for source config
|
|
|
|
```config
|
|
<source>
|
|
@type azuremonitorlog
|
|
tag azuremonitorlog
|
|
tenant_id [Azure_Tenant_ID]
|
|
subscription_id [Azure_Subscription_Id]
|
|
client_id [Azure_Client_Id]
|
|
client_secret [Azure_Client_Secret]
|
|
select_filter eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level
|
|
</source>
|
|
|
|
```
|
|
Start fluentd:
|
|
|
|
```
|
|
$ fluentd -c ./fluentd.conf
|
|
```
|
|
|
|
output example:
|
|
```
|
|
{
|
|
"correlationId": "00000000-0000-0000-0000-000000000000",
|
|
"eventName": {
|
|
"value": "EndRequest",
|
|
"localizedValue": "End request"
|
|
},
|
|
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/myresourcegroup/events/00000000-0000-0000-0000-000000000000/ticks/636444295616045190",
|
|
"resourceGroupName": "myresourcegroup",
|
|
"resourceProviderName": {
|
|
"value": "Microsoft.Resources",
|
|
"localizedValue": "Microsoft Resources"
|
|
},
|
|
"operationName": {
|
|
"value": "Microsoft.Resources/subscriptions/resourcegroups/write",
|
|
"localizedValue": "Update resource group"
|
|
},
|
|
"status": {
|
|
"value": "Succeeded",
|
|
"localizedValue": "Succeeded"
|
|
},
|
|
"eventTimestamp": "2017-10-24T08:12:41.604519Z"
|
|
}
|
|
```
|
|
|
|
## Test
|
|
|
|
Run tests:
|
|
|
|
```
|
|
$ rake test
|
|
```
|
|
|
|
## Contributing
|
|
|
|
1. Fork it
|
|
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
3. Commit your changes (`git commit -am 'Added some feature'`)
|
|
4. Push to the branch (`git push origin my-new-feature`)
|
|
5. Create new Pull Request
|