Fluentd / Fluent Bit Integration
Overview
Fluentd and Fluent Bit are open-source log collectors for unified logging at scale. KYRA MDR can receive container, application, and infrastructure logs from either agent over the Fluentd forward protocol, so an existing Fluentd or Fluent Bit pipeline can be pointed at a KYRA MDR Collector by adding one forward output.
Prerequisites
- A KYRA MDR Collector installed and running
- Fluentd or Fluent Bit installed on log source hosts
- Network connectivity from Fluentd/Fluent Bit to the collector
- Ruby 2.7+ (only if Fluentd is installed as a gem; the td-agent package bundles its own Ruby)
Configuration
Configure Fluentd:
```conf
# Tail the host syslog. pos_file records the read offset so a restart
# resumes where it stopped instead of re-sending the whole file.
<source>
  @type tail
  path /var/log/syslog
  pos_file /var/log/td-agent/syslog.pos
  tag system.syslog
  <parse>
    @type syslog
  </parse>
</source>

# Forward every tag to the KYRA MDR collector. A file buffer keeps
# unsent chunks on disk if the collector is unreachable or the agent restarts.
<match **>
  @type forward
  <server>
    host <collector-ip>
    port 24224
  </server>
  <buffer>
    @type file
    path /var/log/td-agent/buffer
    flush_interval 5s
  </buffer>
</match>
```

Configure Fluent Bit:

```ini
[INPUT]
    Name   tail
    Path   /var/log/syslog
    Tag    syslog
    # DB persists the read offset across restarts (the equivalent of
    # Fluentd's pos_file)
    DB     /var/lib/fluent-bit/syslog.db

[OUTPUT]
    Name   forward
    Match  *
    Host   <collector-ip>
    Port   24224
```

Both configurations send the forward protocol over plain TCP. The forward output encrypts and authenticates the session only when TLS and a shared key are configured (Fluentd: `transport tls` plus a `<security>` section; Fluent Bit: `tls On` plus `Shared_Key`), so confirm with KYRA support which of these the collector accepts before forwarding logs across an untrusted network.

Collected Log Types
| Log Type | Description | Security Use |
|---|---|---|
| System Logs | OS syslog and journal events | Host monitoring |
| Container Logs | Docker and Kubernetes logs | Container security |
| Application | Custom application output | Application monitoring |
| Access Logs | Web server access logs | Web security analysis |
| Error Logs | Application error events | Incident detection |
| Metrics | System and app metrics | Performance monitoring |
Troubleshooting
No logs forwarded: `fluentd --dry-run -c <config file>` (Fluent Bit: `fluent-bit -c <config file> --dry-run`) only checks that the configuration parses and the plugins load; it opens no connection. If it passes, confirm that TCP port 24224 on the collector is reachable from the host (for example `nc -zv <collector-ip> 24224`), look for connection or TLS errors in the agent log, and check that the agent user can read the tailed file and write its pos_file or DB.
Buffer overflow: the file buffer keeps chunks on disk while the collector is unreachable. Set `total_limit_size` in the `<buffer>` section to a size the disk can hold (Fluent Bit: `storage.type filesystem` on the input and `storage.total_limit_size` on the output) and alert on usage of the buffer path; once the limit is reached, out_forward raises BufferOverflowError and new events are rejected until chunks flush.
Fluent Bit vs Fluentd: use Fluent Bit for lightweight collection at the edge (containers, small hosts) and Fluentd where plugins and routing are needed, typically as the aggregation tier in front of the collector.
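The forward output in the Configuration section above is unencrypted and unauthenticated. The following is an added example (not from this page and not KYRA MDR's own configuration) of the same Fluentd output with TLS, certificate verification and shared-key authentication enabled. It assumes the collector, or a Fluentd aggregator placed in front of it, runs in_forward with a matching `<transport tls>` and `<security>` shared key, which must be confirmed with KYRA support; `collector-host`, the CA certificate path and the `FLUENT_SHARED_KEY` environment variable are placeholders.

```conf
# Added example, not from the original page: out_forward with TLS and
# shared-key authentication. Assumes the receiving in_forward is configured
# with <transport tls> and the same shared_key. collector-host, the CA path
# and FLUENT_SHARED_KEY are placeholders.
<match **>
  @type forward
  # Encrypt the session and verify the collector certificate against a
  # pinned CA, including the hostname it was issued for.
  transport tls
  tls_version TLSv1_2
  tls_cert_path /etc/fluent/certs/collector-ca.crt
  tls_verify_hostname true
  # Do not commit a chunk until the collector has acknowledged it.
  require_ack_response true
  <security>
    self_hostname "#{Socket.gethostname}"
    # Read from the environment so the secret is not stored in the config file.
    shared_key "#{ENV['FLUENT_SHARED_KEY']}"
  </security>
  <server>
    host collector-host
    port 24224
  </server>
  <buffer>
    @type file
    path /var/log/td-agent/buffer
    flush_interval 5s
    # Cap on-disk buffering while the collector is unreachable, and keep
    # retrying rather than discarding chunks after a fixed retry budget.
    total_limit_size 2GB
    retry_forever true
  </buffer>
</match>
```

For mutual TLS, add `tls_client_cert_path` and `tls_client_private_key_path` alongside `tls_cert_path`. The Fluent Bit equivalents in the `[OUTPUT]` section are `tls On`, `tls.verify On`, `tls.ca_file`, `Self_Hostname`, `Shared_Key` and `Require_ack_response True`. The shared key only authenticates the sender; it does not encrypt anything, so it should always be combined with TLS.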
Contact kyra@seekerslab.com for support.