Provide fluentd service to ship logs to logging infrastructure

files/docker/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.9"
 services:
   dnscollector:
-    image: pdnssoc
+    image: ghcr.io/cern-cert/pdnssoc:edge
     command: >
       bash -c "mkdir -p /var/dnscollector/alerts
       && mkdir -p /var/dnscollector/matches
@@ -12,3 +12,12 @@ services:
     volumes:
       - ./logs:/var/dnscollector/ # Logging destination
       - ./pdnssoccli.yml:/etc/pdnssoccli.yml
+
+  # Uncomment to enable shipping to different logging systems
+  # e.g. Opensearch, kafka
+  #fluentd:
+  #  build: ./fluentd
+  #  volumes:
+  #    - ./fluentd:/fluentd/etc
+  #    - ./logs:/var/pDNSSOC/
+

files/docker/fluentd/Dockerfile

@@ -0,0 +1,3 @@
+FROM fluent/fluentd:v1.16.0-debian-1.0
+USER root
+RUN ["gem", "install", "fluent-plugin-opensearch", "--no-document"]

files/docker/fluentd/fluent.conf

@@ -0,0 +1,31 @@
+## match tag=debug.** and dump to console
+<match debug.**>
+  @type stdout
+  @id output_stdout
+</match>
+
+# Getting logs from pdnssoc to send to OpenSearch
+ <source>
+   @type tail
+   path /var/pDNSSOC/alerts/matches.json
+   tag pdnssoc
+   read_from_head true
+   pos_file /fluentd/etc/alerts.log.pos
+   <parse>
+     @type json
+   </parse>
+ </source>
+
+<match pdnssoc>
+  @type opensearch
+  hosts https://opensearch_instance
+  index_name ${tag}-%Y.%m.%d #=> e.g.) elastic.20170811
+  <buffer tag, time>
+    @type memory
+    flush_mode immediate
+    timekey 3600
+  </buffer>
+   user %{CHANGE_ME}
+  password %{CHANGE_ME}
+  ssl_verify false
+ </match>