log-export-container 1.0.53

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8a8a98cd6e60c7e4fc0ebdadb63e8d2aa1bcb347726070f3de9939efaf17ef61
+  data.tar.gz: 1748c27a2a52c77731f8036b4933703301a13eb5c908b1a36efde46254f76d97
+SHA512:
+  metadata.gz: f326147c735245fa03540e2350e7b567628cced9af4a5f89a24b60f0b00a0a49ad26f13bc07577ee4c98458152dc1ac52a366233a52b3b08d7244e6e243331e2
+  data.tar.gz: f638b901721d0665c22279d56091e215c97d80d614d984722f7810a5538fc7e2cf929fa53e4beb9341299fa00cf1fe3800f5899f63a16f9b10cae5ce69532fd5

data/bin/log-export-container

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+
+bin_dir = File.expand_path(File.dirname(__FILE__))
+
+ENV['FLUENTD_DIR'] = bin_dir + '/../fluentd'
+ENV['LOG_EXPORT_CONTAINER_INPUT'] = ENV['LOG_EXPORT_CONTAINER_INPUT'] || 'syslog-json'
+ENV['LOG_EXPORT_CONTAINER_OUTPUT'] = ENV['LOG_EXPORT_CONTAINER_OUTPUT'] || 'stdout'
+
+start_script_path = File.join(bin_dir, '../start.rb')
+
+require start_script_path

data/conf-utils.rb

@@ -0,0 +1,106 @@
+
+require_relative './fluentd/scripts/dump_sdm_entities'
+
+SUPPORTED_STORES = "stdout remote-syslog s3 cloudwatch splunk-hec datadog azure-loganalytics sumologic kafka mongo logz loki elasticsearch-8 bigquery"
+
+def extract_value(str)
+  unless str
+    str = ""
+  end
+  str.gsub(/ /, "").downcase
+end
+
+def extract_entity_interval(entity)
+  if entity == 'activities'
+    extract_interval = extract_activities_interval
+    return extract_interval ? "#{extract_interval}m" : ""
+  end
+  entity_interval_match = ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT'].to_s.match /#{entity}\/(\d+)/
+  interval = entity_interval_match ? entity_interval_match[1] : 480
+  "#{interval}m"
+end
+
+def monitoring_conf
+  monitoring_enabled = extract_value(ENV['LOG_EXPORT_CONTAINER_ENABLE_MONITORING']) == "true"
+  if monitoring_enabled
+    File.read("#{ETC_DIR}/monitoring.conf")
+  end
+end
+
+def output_stores_conf
+  conf = ""
+  output_types = extract_value(ENV['LOG_EXPORT_CONTAINER_OUTPUT'])
+  stores = SUPPORTED_STORES.split(' ')
+  stores.each do |store|
+    if output_types.include?(store)
+      conf = "#{conf}#{store} "
+    end
+  end
+  if conf == ""
+    return "stdout"
+  end
+  conf
+end
+
+def input_conf
+  conf = extract_value(ENV['LOG_EXPORT_CONTAINER_INPUT'])
+  if conf != ""
+    filename = "#{ETC_DIR}/input-#{conf}.conf"
+  else
+    filename = "#{ETC_DIR}/input-syslog-json.conf"
+  end
+  File.read(filename)
+end
+
+def decode_chunk_events_conf
+  conf = extract_value(ENV['LOG_EXPORT_CONTAINER_INPUT'])
+  decode_chunks_enabled = extract_value(ENV['LOG_EXPORT_CONTAINER_DECODE_CHUNK_EVENTS']) == "true"
+  if (conf == "syslog-json" || conf == "tcp-json") && decode_chunks_enabled
+    File.read("#{ETC_DIR}/input-json-chunk.conf")
+  end
+end
+
+def input_extract_audit_entities_conf(entity)
+  extract_activities = extract_value(ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES'])
+  extract_entities = extract_value(ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT'])
+  if entity == "activities" && extract_activities != "true" && !extract_entities.match(/activities/)
+    return
+  elsif entity != "activities" && !extract_entities.match(/#{entity}/)
+    return
+  end
+  read_file = File.read("#{ETC_DIR}/input-extract-audit-entities.conf")
+  read_file['$tag'] = AUDIT_ENTITY_TYPES[entity]
+  read_file['$interval'] = extract_entity_interval(entity)
+  read_file.gsub!("$entity", entity)
+  read_file
+end
+
+def default_classify_conf
+  conf = extract_value(ENV['LOG_EXPORT_CONTAINER_INPUT'])
+  if conf == "syslog-csv" || conf == "tcp-csv" || conf == "file-csv"
+    filename = "#{ETC_DIR}/classify-default-csv.conf"
+  else
+    filename = "#{ETC_DIR}/classify-default-json.conf"
+  end
+  File.read(filename)
+end
+
+def custom_classify_conf
+  conf = extract_value(ENV['LOG_EXPORT_CONTAINER_INPUT'])
+  if conf == "syslog-csv"
+    File.read("#{ETC_DIR}/classify-syslog-csv.conf")
+  elsif conf == "tcp-csv" || conf == "file-csv"
+    File.read("#{ETC_DIR}/classify-tcp-csv.conf")
+  end
+end
+
+def output_conf
+  output_content = []
+  stores = output_stores_conf.split(' ')
+  stores.each do |store|
+    output_content << File.read("#{ETC_DIR}/output-#{store}.conf")
+  end
+  template = File.read("#{ETC_DIR}/output-template.conf")
+  template["$stores"] = output_content.join("")
+  template
+end

data/create-conf.rb

@@ -0,0 +1,22 @@
+
+ETC_DIR="#{ENV['FLUENTD_DIR']}/etc"
+
+require_relative './conf-utils'
+
+def create_file
+  File.open("#{ETC_DIR}/fluent.conf", "w") do |f|
+    f.write(input_conf)
+    f.write(monitoring_conf)
+    f.write(input_extract_audit_entities_conf("activities"))
+    f.write(input_extract_audit_entities_conf("resources"))
+    f.write(input_extract_audit_entities_conf("users"))
+    f.write(input_extract_audit_entities_conf("roles"))
+    f.write(default_classify_conf)
+    f.write(custom_classify_conf)
+    f.write(File.read("#{ETC_DIR}/process.conf"))
+    f.write(decode_chunk_events_conf)
+    f.write(output_conf)
+  end
+end
+
+create_file

data/fluentd/etc/classify-default-csv.conf

@@ -0,0 +1,39 @@
+# line format: 2021-06-17T19:06:28Z ip-172-31-3-25 strongDM[44495]: 2021-06-17 19:06:28.017624404 +0000 UTC,start,01sfRGaM7BDXf3nQgxxpIpKU7YS7,rs-26a4c33360a277fe,docker-postgres,a-0326fcc060460b7d,Rodolfo Campos,select 'a';,817fa457ceb5e2c1869e011611651e8f8f945584
+<match log.**>
+  @type     rewrite_tag_filter
+  <rule>
+    key     2
+    pattern /start/
+    tag     class.start
+  </rule>
+  <rule>
+    key     2
+    pattern /complete/
+    tag     class.complete
+  </rule>
+  <rule>
+    key     2
+    pattern /chunk/
+    tag     class.chunk
+  </rule>
+  <rule>
+    key     2
+    pattern /postStart/
+    tag     class.postStart
+  </rule>
+  <rule>
+    key     2
+    pattern /event/
+    tag     class.event
+  </rule>
+  <rule>
+    key     8
+    pattern /activity/
+    tag     class.activity
+  </rule>
+  <rule>
+    key     2
+    pattern /.*/
+    tag     unclass
+  </rule>
+</match>

data/fluentd/etc/classify-default-json.conf

@@ -0,0 +1,38 @@
+<match log.**>
+  @type     rewrite_tag_filter
+  <rule>
+    key     type
+    pattern /start/
+    tag     class.start
+  </rule>
+  <rule>
+    key     type
+    pattern /complete/
+    tag     class.complete
+  </rule>
+  <rule>
+    key     type
+    pattern /completed/
+    tag     class.completed
+  </rule>
+  <rule>
+    key     type
+    pattern /chunk/
+    tag     class.chunk
+  </rule>
+  <rule>
+    key     type
+    pattern /postStart/
+    tag     class.postStart
+  </rule>
+  <rule>
+    key     type
+    pattern /activity/
+    tag     class.activity
+  </rule>
+  <rule>
+    key     type
+    pattern /.*/
+    tag     unclass
+  </rule>
+</match>

data/fluentd/etc/classify-syslog-csv.conf

@@ -0,0 +1,94 @@
+# json: {"type":"start","timestamp":"2021-06-23T15:09:03.781664039Z","uuid":"01uM2484l9xAgB88xziqJnIUNjRi","datasourceId":"rs-26a4c33360a277fe","datasourceName":"docker-postgres","userId":"a-0326fcc060460b7d","userName":"Rodolfo Me Campos","query":"select 'b'","hash":"f8bbb2eb1bc17242501ebcba710eaa12325d74fd"}
+<filter class.start>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].scan(/([0-9]+-[0-9]+-[0-9]+T[0-9]+:[0-9]+:[0-9]+Z).*/).last.first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    datasourceId    ${record["4"]}
+    datasourceName  ${record["5"]}
+    userId          ${record["6"]}
+    userName        ${record["7"]}
+    query           ${record["8"]}
+    hash            ${record["9"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# json: {"type":"complete","timestamp":"2021-06-23T14:59:54.59849408Z","uuid":"s1uM0wXlLGCPs9LMWhQ9dDaUUj3l","duration":5529,"records":0}
+<filter class.complete>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].scan(/([0-9]+-[0-9]+-[0-9]+T[0-9]+:[0-9]+:[0-9]+Z).*/).last.first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    duration        ${record["4"]}
+    records         ${record["5"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# json: {"type":"chunk","timestamp":"2021-06-23T15:08:01.495154973Z","uuid":"s1uM1vhfg8KpZlVshQqw1d0nl0QH","chunkId":1,"events":[{"duration":313,"data":"V2VsY29tZSB0byBPcGVuU1NIIFNlcnZlcg0KDQobWz8yMDA0aG9w"},{"duration":0,"data":"ZW5zc2gtc2VydmVyOn4kIA=="},{"duration":1199,"data":"cA=="},{"duration":974,"data":"dw=="},{"duration":338,"data":"ZA=="},{"duration":397,"data":"DQobWz8yMDA0bA0vY29uZmlnDQobWz8yMDA0aG9wZW5zc2gtc2VydmVyOn4kIA=="},{"duration":1466,"data":"ZQ=="},{"duration":146,"data":"eGk="},{"duration":141,"data":"dA=="},{"duration":420,"data":"DQobWz8yMDA0bA1sb2dvdXQNCg=="}],"hash":"f45cb5bf8606ebf22514b8c1e010c13eecf2a1cc"}
+<filter class.chunk>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].scan(/([0-9]+-[0-9]+-[0-9]+T[0-9]+:[0-9]+:[0-9]+Z).*/).last.first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    chunkId         ${record["4"]}
+    events          ${record["5"]}
+    hash            ${record["6"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# json: {"type":"postStart","timestamp":"2021-06-23T14:59:54.598376207Z","uuid":"s1uM0wXlLGCPs9LMWhQ9dDaUUj3l","query":"{\"version\":1,\"width\":114,\"height\":24,\"duration\":5.173268588,\"command\":\"\",\"title\":null,\"env\":{\"TERM\":\"xterm-256color\"},\"type\":\"shell\",\"fileName\":null,\"fileSize\":0,\"stdout\":null,\"lastChunkId\":0,\"clientCommand\":null,\"pod\":null,\"container\":null,\"requestMethod\":\"\",\"requestURI\":\"\",\"requestBody\":null}\n","hash":"ee0dd41a2613a2d85029129439d266367ca6740d"}
+<filter class.postStart>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].scan(/([0-9]+-[0-9]+-[0-9]+T[0-9]+:[0-9]+:[0-9]+Z).*/).last.first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    query           ${record["4"]}
+    hash            ${record["5"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# line: {"1":"2021-06-23T15:26:40Z ip-172-31-3-25 strongDM[861498]: 2021-06-23 15:26:40.110527179 +0000 UTC","2":"event","3":"s1uM4CVcUdhvRB0bnm8yBqcme47c","4":"1","5":"329","6":"V2VsY29tZSB0byBPcGVuU1NIIFNlcnZlcg0KDQobWz8yMDA0aA==","7":null,"8":null,"9":null}
+<filter class.event>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].scan(/([0-9]+-[0-9]+-[0-9]+T[0-9]+:[0-9]+:[0-9]+Z).*/).last.first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    undef           ${record["4"]} # TODO validate field name
+    duration        ${record["5"]}
+    data            ${record["6"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# line: {"1":"2022-06-16 13:34:56.502034 +0000 UTC","2":"xxx.xxx.xxx.xxx","3":"a-xxx","4":"Admin token","5":"user logged into the local client","6":"Admin token logged into the local client.","7":"activity","8":null,"9":null,"sourceAddress":"127.0.0.1","sourceHostname":"localhost"}
+<filter class.activity>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].split('.').first}
+    ip_address      ${record["2"]}
+    actorUserID     ${record["3"]}
+    actorName       ${record["4"]}
+    activity        ${record["5"]}
+    description     ${record["6"]}
+    objects         ${record["7"]}
+    type            ${record["8"]}
+    sourceAddress   ${record["sourceAddress"]}
+    sourceHostname  ${record["sourceHostname"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>

data/fluentd/etc/classify-tcp-csv.conf

@@ -0,0 +1,89 @@
+# json: {"type":"start","timestamp":"2021-06-23 14:59:54.59849408 0000 +UTC","uuid":"01uM2484l9xAgB88xziqJnIUNjRi","datasourceId":"rs-26a4c33360a277fe","datasourceName":"docker-postgres","userId":"a-0326fcc060460b7d","userName":"Rodolfo Me Campos","query":"select 'b'","hash":"f8bbb2eb1bc17242501ebcba710eaa12325d74fd"}
+<filter class.start>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].split('.').first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    datasourceId    ${record["4"]}
+    datasourceName  ${record["5"]}
+    userId          ${record["6"]}
+    userName        ${record["7"]}
+    query           ${record["8"]}
+    hash            ${record["9"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# json: {"type":"complete","timestamp":"2021-06-23 14:59:54.59849408 0000 +UTC","uuid":"s1uM0wXlLGCPs9LMWhQ9dDaUUj3l","duration":5529,"records":0}
+<filter class.complete>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].split('.').first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    duration        ${record["4"]}
+    records         ${record["5"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# json: {"type":"complete","timestamp":"2021-06-23 14:59:54.59849408 0000 +UTC","uuid":"s1uM0wXlLGCPs9LMWhQ9dDaUUj3l","duration":5529,"records":0}
+<filter class.completed>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].split('.').first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    duration        ${record["4"]}
+    records         ${record["5"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# json: {"type":"chunk","timestamp":"2021-06-23 14:59:54.59849408 0000 +UTC","uuid":"s1uM1vhfg8KpZlVshQqw1d0nl0QH","chunkId":1,"events":[{"duration":313,"data":"V2VsY29tZSB0byBPcGVuU1NIIFNlcnZlcg0KDQobWz8yMDA0aG9w"},{"duration":0,"data":"ZW5zc2gtc2VydmVyOn4kIA=="},{"duration":1199,"data":"cA=="},{"duration":974,"data":"dw=="},{"duration":338,"data":"ZA=="},{"duration":397,"data":"DQobWz8yMDA0bA0vY29uZmlnDQobWz8yMDA0aG9wZW5zc2gtc2VydmVyOn4kIA=="},{"duration":1466,"data":"ZQ=="},{"duration":146,"data":"eGk="},{"duration":141,"data":"dA=="},{"duration":420,"data":"DQobWz8yMDA0bA1sb2dvdXQNCg=="}],"hash":"f45cb5bf8606ebf22514b8c1e010c13eecf2a1cc"}
+<filter class.chunk>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].split('.').first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    chunkId         ${record["4"]}
+    events          ${record["5"]}
+    hash            ${record["6"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# json: {"type":"postStart","timestamp":"2021-06-23 14:59:54.59849408 0000 +UTC","uuid":"s1uM0wXlLGCPs9LMWhQ9dDaUUj3l","query":"{\"version\":1,\"width\":114,\"height\":24,\"duration\":5.173268588,\"command\":\"\",\"title\":null,\"env\":{\"TERM\":\"xterm-256color\"},\"type\":\"shell\",\"fileName\":null,\"fileSize\":0,\"stdout\":null,\"lastChunkId\":0,\"clientCommand\":null,\"pod\":null,\"container\":null,\"requestMethod\":\"\",\"requestURI\":\"\",\"requestBody\":null}\n","hash":"ee0dd41a2613a2d85029129439d266367ca6740d"}
+<filter class.postStart>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].split('.').first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    query           ${record["4"]}
+    hash            ${record["5"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>
+
+# line: {"1":"2021-06-23T15:26:40Z ip-172-31-3-25 strongDM[861498]: 2021-06-23 15:26:40.110527179 +0000 UTC","2":"event","3":"s1uM4CVcUdhvRB0bnm8yBqcme47c","4":"1","5":"329","6":"V2VsY29tZSB0byBPcGVuU1NIIFNlcnZlcg0KDQobWz8yMDA0aA==","7":null,"8":null,"9":null}
+<filter class.event>
+  @type             record_transformer
+  enable_ruby       true
+  <record>
+    timestamp       ${record["1"].split('.').first}
+    type            ${record["2"]}
+    uuid            ${record["3"]}
+    undef           ${record["4"]} # TODO validate field name
+    duration        ${record["5"]}
+    data            ${record["6"]}
+  </record>
+  remove_keys       1,2,3,4,5,6,7,8,9
+</filter>

data/fluentd/etc/input-extract-audit-entities.conf

@@ -0,0 +1,9 @@
+<source>
+  @type exec
+  <parse>
+    @type json
+  </parse>
+  tag $tag
+  run_interval $interval
+  command "ruby #{ENV['FLUENTD_DIR']}/scripts/dump_sdm_entities.rb $entity"
+</source>

data/fluentd/etc/input-file-csv.conf

@@ -0,0 +1,10 @@
+<source>
+  @type tail
+  path "#{ENV['LOG_FILE_PATH']}"
+  pos_file "#{ENV['LOG_FILE_PATH']}.pos"
+  tag log
+  <parse>
+    @type csv
+    keys  1,2,3,4,5,6,7,8,9
+  </parse>
+</source>

data/fluentd/etc/input-file-json.conf

@@ -0,0 +1,9 @@
+<source>
+  @type tail
+  path "#{ENV['LOG_FILE_PATH']}"
+  pos_file "#{ENV['LOG_FILE_PATH']}.pos"
+  tag log
+  <parse>
+    @type sdm_json
+  </parse>
+</source>

data/fluentd/etc/input-json-chunk.conf

@@ -0,0 +1,3 @@
+<filter class.chunk>
+  @type sdm_decode_chunk_events
+</filter>

data/fluentd/etc/input-syslog-csv.conf

@@ -0,0 +1,13 @@
+<source>
+  @type                 syslog
+  protocol_type         tcp
+  port                  5140
+  bind                  0.0.0.0
+  tag                   log
+  source_hostname_key   sourceHostname
+  source_address_key    sourceAddress
+  <parse>
+    @type               csv
+    keys                1,2,3,4,5,6,7,8,9
+  </parse>
+</source>

data/fluentd/etc/input-syslog-json.conf

@@ -0,0 +1,12 @@
+<source>
+  @type                 syslog
+  protocol_type         tcp
+  port                  5140
+  bind                  0.0.0.0
+  tag                   log
+  source_hostname_key   sourceHostname
+  source_address_key    sourceAddress
+  <parse>
+    @type               sdm_json
+  </parse>
+</source>

data/fluentd/etc/input-tcp-csv.conf

@@ -0,0 +1,12 @@
+<source>
+  @type                 tcp
+  tag                   log # required
+  port                  5140
+  bind                  0.0.0.0
+  source_hostname_key   sourceHostname
+  source_address_key    sourceAddress
+  <parse>
+    @type               csv
+    keys                1,2,3,4,5,6,7,8,9
+  </parse>
+</source>

data/fluentd/etc/input-tcp-json.conf

@@ -0,0 +1,11 @@
+<source>
+  @type                 tcp
+  tag                   log # required
+  port                  5140
+  bind                  0.0.0.0
+  source_hostname_key   sourceHostname
+  source_address_key    sourceAddress
+  <parse>
+    @type               sdm_json
+  </parse>
+</source>

data/fluentd/etc/monitoring.conf

@@ -0,0 +1,25 @@
+<source>
+  @type prometheus
+  bind 0.0.0.0
+  port 24321
+  metrics_path /metrics
+</source>
+<source>
+  @type prometheus_output_monitor
+  interval 10
+  <labels>
+    hostname ${hostname}
+  </labels>
+</source>
+<filter class.**>
+  @type prometheus
+  <metric>
+    name fluentd_input_status_num_records_total
+    type counter
+    desc The total number of incoming records
+    <labels>
+      tag ${tag}
+      hostname ${hostname}
+    </labels>
+  </metric>
+</filter>

data/fluentd/etc/output-azure-loganalytics.conf

@@ -0,0 +1,9 @@
+<store>
+  @type               azure-loganalytics
+  customer_id         "#{ENV['AZURE_LOGANALYTICS_CUSTOMER_ID']}"
+  shared_key          "#{ENV['AZURE_LOGANALYTICS_SHARED_KEY']}"
+  log_type            sdm
+
+  # for more config options 
+  # see https://github.com/yokawasa/fluent-plugin-azure-loganalytics
+</store>

data/fluentd/etc/output-bigquery.conf

@@ -0,0 +1,13 @@
+<store>
+  @type bigquery_insert
+  auth_method json_key
+  json_key "{\"private_key\": \"#{ENV['BIGQUERY_PRIVATE_KEY']}\", \"client_email\": \"#{ENV['BIGQUERY_CLIENT_EMAIL']}\"}"
+  ignore_unknown_values true
+
+  project "#{ENV['BIGQUERY_PROJECT_ID']}"
+  dataset "#{ENV['BIGQUERY_DATASET_ID']}"
+  table   "#{ENV['BIGQUERY_TABLE_ID']}"
+
+  # for more config options
+  # see https://github.com/fluent-plugins-nursery/fluent-plugin-bigquery
+</store>

data/fluentd/etc/output-cloudwatch.conf

@@ -0,0 +1,11 @@
+<store>
+  @type               cloudwatch_logs
+  aws_key_id          "#{ENV['AWS_ACCESS_KEY_ID']}"
+  aws_sec_key         "#{ENV['AWS_SECRET_ACCESS_KEY']}"
+  region              "#{ENV['AWS_REGION']}"
+  log_group_name      "#{ENV['CLOUDWATCH_LOG_GROUP_NAME']}"
+  log_stream_name     "#{ENV['CLOUDWATCH_LOG_STREAM_NAME']}"
+  auto_create_stream  true
+  # for more config options 
+  # see https://github.com/fluent-plugins-nursery/fluent-plugin-cloudwatch-logs
+</store>

data/fluentd/etc/output-datadog.conf

@@ -0,0 +1,10 @@
+<store>
+  @type               datadog
+  @id                 "#{ENV['HOSTNAME']}"
+  api_key             "#{ENV['DATADOG_API_KEY']}"
+
+  dd_source           'sdm'
+  
+  # for more config options 
+  # see https://github.com/DataDog/fluent-plugin-datadog
+</store>

data/fluentd/etc/output-elasticsearch-8.conf

@@ -0,0 +1,5 @@
+<store>
+  @type elasticsearch
+  hosts "#{ENV['ELASTICSEARCH_HOSTS']}"
+  index_name "#{ENV['ELASTICSEARCH_INDEX_NAME']}"
+</store>

data/fluentd/etc/output-kafka.conf

@@ -0,0 +1,11 @@
+<store>
+  @type               kafka2
+  brokers             "#{ENV['KAFKA_BROKERS']}"
+  topic               "#{ENV['KAFKA_TOPIC']}"
+
+  <format>
+    @type             "#{ENV['KAFKA_FORMAT_TYPE'] || 'json'}"
+  </format>
+  # for more config options 
+  # see https://github.com/fluent/fluent-plugin-kafka
+</store>

data/fluentd/etc/output-logz.conf

@@ -0,0 +1,8 @@
+<store>
+    @type logzio_buffered
+
+    endpoint_url "#{ENV['LOGZ_ENDPOINT']}"
+
+    output_include_time true
+    output_include_tags true
+</store>

data/fluentd/etc/output-loki.conf

@@ -0,0 +1,5 @@
+<store>
+  @type loki
+  url "#{ENV['LOKI_URL']}"
+  extra_labels {"sdm": "log-export-container"}
+</store>

data/fluentd/etc/output-mongo.conf

@@ -0,0 +1,9 @@
+<store>
+  @type mongo
+  connection_string "#{ENV['MONGO_URI']}"
+  collection "#{ENV['MONGO_COLLECTION'] || 'sdm_logs'}"
+  remove_tag_prefix class.
+  <buffer>
+    flush_interval 10s
+  </buffer>
+</store>

data/fluentd/etc/output-remote-syslog.conf

@@ -0,0 +1,11 @@
+<store> 
+  @type remote_syslog 
+  host "#{ENV['REMOTE_SYSLOG_HOST']}"
+  port "#{ENV['REMOTE_SYSLOG_PORT']}"
+  protocol "#{ENV['REMOTE_SYSLOG_PROTOCOL'] || 'tcp'}"
+  packet_size 16384
+
+  <format>
+    @type json
+  </format>
+</store>

data/fluentd/etc/output-s3.conf

@@ -0,0 +1,15 @@
+<store>
+  @type               s3
+  aws_key_id          "#{ENV['AWS_ACCESS_KEY_ID']}"
+  aws_sec_key         "#{ENV['AWS_SECRET_ACCESS_KEY']}"
+  s3_bucket           "#{ENV['S3_BUCKET']}"
+  s3_region           "#{ENV['S3_REGION']}"
+  path                "#{ENV['S3_PATH']}/#{ENV['HOSTNAME']}"
+  <buffer>
+    @type             memory
+    # for more config options 
+    # see https://docs.fluentd.org/configuration/buffer-section
+    timekey           1h
+    timekey_wait      5m
+  </buffer>
+</store>