Forward is the protocol used by Fluentd to route messages between peers. The forward output plugin provides interoperability between Fluent Bit and Fluentd. There are no configuration steps required besides specifying where Fluentd is located, which can be a local or a remote destination.
This plugin offers two different transports and modes:
Forward (TCP): It uses a plain TCP connection.
Secure Forward (TLS): when TLS is enabled, the plugin switch to Secure Forward mode.
Configuration Parameters
The following parameters are mandatory for either Forward for Secure Forward modes:
Key
Description
Default
Host
Target host where Fluent-Bit or Fluentd are listening for Forward messages.
127.0.0.1
Port
TCP Port of the target service.
24224
Time_as_Integer
Set timestamps in integer format, it enable compatibility mode for Fluentd v0.12 series.
False
Upstream
If Forward will connect to an Upstream instead of a simple host, this property defines the absolute path for the Upstream configuration file, for more details about this refer to the Upstream Servers documentation section.
Unix_Path
Specify the path to unix socket to send a Forward message. If set, Upstream is ignored.
Tag
Overwrite the tag as we transmit. This allows the receiving pipeline start fresh, or to attribute source.
Send_options
Always send options (with "size"=count of messages)
False
Require_ack_response
Send "chunk"-option and wait for "ack" response from server. Enables at-least-once and receiving server can control rate of traffic. (Requires Fluentd v0.14.0+ server)
False
Compress
Set to 'gzip' to enable gzip compression. Incompatible with Time_as_Integer=True and tags set dynamically using the Rewrite Tag filter. Requires Fluentd server v0.14.7 or later.
none
Workers
The number of workers to perform flush operations for this output.
2
Secure Forward Mode Configuration Parameters
When using Secure Forward mode, the TLS mode requires to be enabled. The following additional configuration parameters are available:
Key
Description
Default
Shared_Key
A key string known by the remote Fluentd used for authorization.
Empty_Shared_Key
Use this option to connect to Fluentd with a zero-length secret.
False
Username
Specify the username to present to a Fluentd server that enables user_auth.
Password
Specify the password corresponding to the username.
Self_Hostname
Default value of the auto-generated certificate common name (CN).
localhost
tls
Enable or disable TLS support
Off
tls.verify
Force certificate validation
On
tls.debug
Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose
1
tls.ca_file
Absolute path to CA certificate file
tls.crt_file
Absolute path to Certificate file.
tls.key_file
Absolute path to private Key file.
tls.key_passwd
Optional password for tls.key_file file.
Forward Setup
Before proceeding, make sure that Fluentd is installed, if it's not the case please refer to the following Fluentd Installation document and go ahead with that.
Once Fluentd is installed, create the following configuration file example that will allow us to stream data into it:
<source>
type forward
bind 0.0.0.0
port 24224
</source>
<match fluent_bit>
type stdout
</match>
That configuration file specifies that it will listen for TCP connections on the port 24224 through the forward input type. Then for every message with a fluent_bitTAG, will print the message to the standard output.
In one terminal launch Fluentd specifying the new configuration file created:
$fluentd-ctest.conf2017-03-2311:50:43-0600 [info]: reading config file path="test.conf"2017-03-2311:50:43-0600 [info]: starting fluentd-0.12.332017-03-2311:50:43-0600 [info]: gem 'fluent-mixin-config-placeholders' version '0.3.1'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-docker' version '0.1.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-elasticsearch' version '1.4.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-flatten-hash' version '0.2.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-flowcounter-simple' version '0.0.4'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-influxdb' version '0.2.8'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-json-in-json' version '0.1.4'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-mongo' version '0.7.10'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-out-http' version '0.1.3'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-parser' version '0.6.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-record-reformer' version '0.7.0'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-rewrite-tag-filter' version '1.5.1'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-stdin' version '0.1.1'2017-03-2311:50:43-0600 [info]: gem 'fluent-plugin-td' version '0.10.27'2017-03-2311:50:43-0600 [info]: adding match pattern="fluent_bit" type="stdout"2017-03-2311:50:43-0600 [info]: adding source type="forward"2017-03-2311:50:43-0600 [info]: using configuration file: <ROOT><source>typeforwardbind0.0.0.0port24224</source><matchfluent_bit>typestdout</match></ROOT>2017-03-2311:50:43-0600 [info]: listening fluent socket on 0.0.0.0:24224
Fluent Bit + Forward Setup
Now that Fluentd is ready to receive messages, we need to specify where the forward output plugin will flush the information using the following format:
bin/fluent-bit -i INPUT -o forward://HOST:PORT
If the TAG parameter is not set, the plugin will retain the tag. Keep in mind that TAG is important for routing rules inside Fluentd.
Using the CPU input plugin as an example we will flush CPU metrics to Fluentd with tag fluent_bit:
So we gathered CPU metrics and flushed them out to Fluentd properly.
Fluent Bit + Secure Forward Setup
DISCLAIMER: the following example does not consider the generation of certificates for best practice on production environments.
Secure Forward aims to provide a secure channel of communication with the remote Fluentd service using TLS.
Fluent Bit
Paste this content in a file called flb.conf:
[SERVICE]
Flush 5
Daemon off
Log_Level info
[INPUT]
Name cpu
Tag cpu_usage
[OUTPUT]
Name forward
Match *
Host 127.0.0.1
Port 24284
Shared_Key secret
Self_Hostname flb.local
tls on
tls.verify off