Nix
Reputation: 1
parse_audit_log not working with td-agent
I have installed the td-agent with version td-agent-4.1.0-1.el7.x86_64 on CentOS7. I'm not able to load the gem.
# td-agent-gem install fluent-plugin-filter-parse-audit-log
Fetching fluent-plugin-filter-parse-audit-log-0.1.2.gem
Fetching audit_log_parser-0.1.3.gem
Successfully installed audit_log_parser-0.1.3
Successfully installed fluent-plugin-filter-parse-audit-log-0.1.2
Parsing documentation for audit_log_parser-0.1.3
Installing ri documentation for audit_log_parser-0.1.3
Parsing documentation for fluent-plugin-filter-parse-audit-log-0.1.2
Installing ri documentation for fluent-plugin-filter-parse-audit-log-0.1.2
Done installing documentation for audit_log_parser, fluent-plugin-filter-parse-audit-log after 0 seconds
2 gems installed
Input config:
<source>
@type tail
path /var/log/audit/audit.log
pos_file /var/log/td-agent/audit.pos
tag syslog.audit
<parse>
@type parse_audit_log
</parse>
</source>
Error to load parse_audit_log
# /opt/td-agent/bin/fluentd --dry-run --config /etc/td-agent/td-agent.conf
2021-03-24 15:01:19 +0000 [info]: parsing config file is succeeded path="/etc/td-agent/td-agent.conf"
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '4.3.3'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-filter-parse-audit-log' version '0.1.2'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-flowcounter-simple' version '0.1.0'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-kafka' version '0.16.0'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-prometheus' version '1.8.5'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-prometheus_pushgateway' version '0.0.2'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-record-modifier' version '2.1.0'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-rewrite-tag-filter' version '2.3.0'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-s3' version '1.5.1'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-sd-dns' version '0.1.0'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-systemd' version '1.0.2'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-td' version '1.1.0'
2021-03-24 15:01:19 +0000 [info]: gem 'fluent-plugin-webhdfs' version '1.4.0'
2021-03-24 15:01:19 +0000 [info]: gem 'fluentd' version '1.12.1'
2021-03-24 15:01:19 +0000 [info]: starting fluentd-1.12.1 as dry run mode ruby="2.7.2"
2021-03-24 15:01:19 +0000 [warn]: [output_td] Use different plugin for secondary. Check the plugin works with primary like secondary_file primary="Fluent::Plugin::TreasureDataLogOutput" secondary="Fluent::Plugin::FileOutput"
2021-03-24 15:01:20 +0000 [error]: config error file="/etc/td-agent/td-agent.conf" error_class=Fluent::ConfigError error="Unknown parser plugin 'parse_audit_log'. Run 'gem search -rd fluent-plugin' to find plugins"
Could you please let me know what are the way to load plugins? I have followed the https://docs.fluentd.org/deployment/plugin-management#for-td-agent but still some issues while restarting the service with systemctl.
Upvotes: 0
Views: 723
Answers (0)
Related Questions
- Can Fluentd send logs to Logstash?
- kubernetes audit log filtering with fluentd and forwarding to Splunk
- Parsing nginx error log through fluentd
- EFK (Elasticsearch+Fluentd-(td-agent)+Kibana): Kibana not showing correct logs
- Enabling Fluentd Log rotation
- Connect aws-elasticssearch with fluentd using tdagent
- Starting td-agent for fluentd
- Fluentd log source
- Fluentd to Logstash output plugin
- Fluentd td-agent don't recognize custom plugin. Unknown input plugin