diff --git a/files/docker/docker-compose.yml b/files/docker/docker-compose.yml
index 7903f25..4599cad 100644
--- a/files/docker/docker-compose.yml
+++ b/files/docker/docker-compose.yml
@@ -1,7 +1,7 @@
version: "3.9"
services:
dnscollector:
- image: pdnssoc
+ image: ghcr.io/cern-cert/pdnssoc:edge
command: >
bash -c "mkdir -p /var/dnscollector/alerts
&& mkdir -p /var/dnscollector/matches
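Review bot: The new `image: ghcr.io/cern-cert/pdnssoc:edge` line tracks a mutable tag, so each pull can bring in different code without any change to this file. For a collector that processes DNS logs, pin a release tag or, better, an immutable digest such as `image: ghcr.io/cern-cert/pdnssoc@sha256:<DIGEST_PLACEHOLDER>`, and bump it deliberately. The `command:` block continues outside this hunk, so only the image line is reviewed here.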
@@ -12,3 +12,12 @@ services:
volumes:
- ./logs:/var/dnscollector/ # Logging destination
- ./pdnssoccli.yml:/etc/pdnssoccli.yml
+
+ # Uncomment to enable shipping to different logging systems
+ # e.g. Opensearch, kafka
+ #fluentd:
+ # build: ./fluentd
+ # volumes:
+ # - ./fluentd:/fluentd/etc
+ # - ./logs:/var/pDNSSOC/
+
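Review bot: Both bind mounts in the commented-out `fluentd` service are read-write, although from what is visible here fluentd only reads its configuration and the pdnssoc logs. Anyone who uncomments the block copies those mounts as-is, so the example should default to `# - ./fluentd:/fluentd/etc:ro` and `# - ./logs:/var/pDNSSOC/:ro`. If the log source keeps a position file under one of these paths (not visible in this diff), give it a separate writable volume instead. `./fluentd` also holds the OpenSearch credentials from `fluent.conf`, so a short comment telling users to keep the edited file out of version control would help.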
diff --git a/files/docker/fluentd/Dockerfile b/files/docker/fluentd/Dockerfile
new file mode 100644
index 0000000..6121db1
--- /dev/null
+++ b/files/docker/fluentd/Dockerfile
@@ -0,0 +1,3 @@
+FROM fluent/fluentd:v1.16.0-debian-1.0
+USER root
+RUN ["gem", "install", "fluent-plugin-opensearch", "--no-document"]
\ No newline at end of file
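Review bot: The image is left at `USER root` after the plugin install, so fluentd itself runs as root inside the container. Add `USER fluent` after the `RUN` line to drop back to the base image's unprivileged user. The `gem install` is also unpinned, so a rebuild can pull a different plugin release than the one that was tested; pin it by adding `"--version", "<PLUGIN_VERSION_PLACEHOLDER>"` to the exec array.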
diff --git a/files/docker/fluentd/fluent.conf b/files/docker/fluentd/fluent.conf
new file mode 100644
index 0000000..c11df00
--- /dev/null
+++ b/files/docker/fluentd/fluent.conf
@@ -0,0 +1,31 @@
+## match tag=debug.** and dump to console
+
+ @type stdout
+ @id output_stdout
+
+
+# Getting logs from pdnssoc to send to OpenSearch
+
+
+
+ @type opensearch
+ hosts https://opensearch_instance
+ index_name ${tag}-%Y.%m.%d #=> e.g.) elastic.20170811
+
+ @type memory
+ flush_mode immediate
+ timekey 3600
+
+ user %{CHANGE_ME}
+ password %{CHANGE_ME}
+ ssl_verify false
+
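Review bot: `ssl_verify false` turns off certificate verification for the OpenSearch output, so the `user`/`password` above it and the DNS log data are sent to whichever host answers for `opensearch_instance`. Because this file is a template people will copy, ship it with `ssl_verify true` and, for a private CA, `ca_file <PATH_TO_CA_PEM>`. The credentials are also better read from the environment than written into a file bind-mounted from the repo directory, e.g. `password "#{ENV['<OPENSEARCH_PASSWORD_VAR>']}"`, and the same for `user`.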