Lightweight
Kịch bản 4 Multiple receivers → Multiple exporters
Hướng dẫn cấu hình nhiều nguồn log gửi tới nhiều destinations
Tổng quan
Đây là kịch bản cấu hình nâng cao, cho phép định tuyến dòng dữ liệu (Data Pipeline) một cách độc lập và linh hoạt. Sensor sẽ thu thập từ nhiều nguồn log khác nhau, sau đó phân phối chuẩn xác từng loại log đến các điểm nhận (Exporters) chuyên biệt hoặc phân tách thành các luồng chạy song song để đảm bảo tính sẵn sàng cao (High Availability).
Cấu hình chi tiết
1. Receivers (Bộ nhận) - Nhiều nguồn
receivers:
filelog/app: # Receiver 1: Application logs
include:
- /home/bacnt/logs/*.log # Collect từ thư mục ứng dụng
start_at: end
include_file_path: true # Thêm đường dẫn file
include_file_name: false
filelog/syslog: # Receiver 2: System logs
include:
- /var/log/syslog # Collect từ syslog
start_at: end
include_file_path: true
include_file_name: false
filelog/auth: # Receiver 3: Authentication logs
include:
- /var/log/auth.log # Collect từ auth log
start_at: end
include_file_path: true
include_file_name: false
2. Processors (Bộ xử lý)
3. Exporters (Bộ gửi) - Nhiều điểm đến
exporters:
otlphttp/primary: # Exporter 1: Platform chính
endpoint: ${PRIMARY_ENDPOINT}
logs_endpoint: ${PRIMARY_ENDPOINT}
headers:
x-api-key: ${PRIMARY_API_KEY}
Content-Type: "application/json"
timeout: 30s
encoding: json
otlphttp/backup: # Exporter 2: Platform backup
endpoint: ${BACKUP_ENDPOINT}
logs_endpoint: ${BACKUP_ENDPOINT}
headers:
x-api-key: ${BACKUP_API_KEY}
Content-Type: "application/json"
timeout: 30s
encoding: json
syslog: # Exporter 3: Syslog server
endpoint: syslog-server.company.com:514
protocol: rfc5424
format: json
4. Service Pipeline (Đường ống xử lý)
extensions:
health_check:
endpoint: localhost:13133
service:
extensions: [health_check]
pipelines:
# Application logs → Production + Backup (HA)
logs/app-ha:
receivers: [filelog/app]
processors: [batch, resource_detection]
exporters: [otlphttp/production, otlphttp/backup]
# System logs → Production only
logs/system:
receivers: [filelog/system]
processors: [batch, resource_detection]
exporters: [otlphttp/production]
# Security logs → Production + Staging (audit trail)
logs/security:
receivers: [filelog/security]
processors: [batch, resource_detection]
exporters: [otlphttp/production, otlphttp/staging]
# Aggregated logs → All backends (mirroring)
logs/mirror:
receivers: [filelog/app, filelog/system, filelog/security]
processors: [batch, resource_detection]
exporters: [otlphttp/production, otlphttp/backup, otlphttp/staging]
Ví dụ thực tế
Ví dụ: Gửi Security log tới Platform chính + Backup + Archive
receivers:
# Collect from application logs
filelog/app:
include:
- /home/bacnt/logs/app/*.log
- /home/bacnt/logs/api/*.log
start_at: end
include_file_path: true
include_file_name: true
multiline_line_start_pattern: '^\d{4}-\d{2}-\d{2}'
# Collect from system logs
filelog/system:
include:
- /var/log/syslog
- /var/log/auth.log
start_at: end
include_file_path: true
# Collect from security logs
filelog/security:
include:
- /var/log/audit/audit.log
start_at: end
include_file_path: true
processors:
batch:
send_batch_size: 10
send_batch_max_size: 100
timeout: 5s
# Optional: Add attributes to identify logs from each source
resource_detection:
detectors: [system]
exporters:
# Primary backend - Production
otlphttp/production:
endpoint: ${PROD_ENDPOINT}
logs_endpoint: ${PROD_ENDPOINT}
headers:
x-api-key: ${PROD_API_KEY}
Content-Type: "application/json"
timeout: 30s
encoding: json
# Secondary backend - Backup/HA
otlphttp/backup:
endpoint: ${BACKUP_ENDPOINT}
logs_endpoint: ${BACKUP_ENDPOINT}
headers:
x-api-key: ${BACKUP_API_KEY}
Content-Type: "application/json"
timeout: 30s
encoding: json
# Staging backend - Testing
otlphttp/staging:
endpoint: ${STAGING_ENDPOINT}
logs_endpoint: ${STAGING_ENDPOINT}
headers:
x-api-key: ${STAGING_API_KEY}
Content-Type: "application/json"
timeout: 30s
encoding: json
extensions:
health_check:
endpoint: localhost:13133
service:
extensions: [health_check]
pipelines:
# Application logs → Production + Backup (HA)
logs/app-ha:
receivers: [filelog/app]
processors: [batch, resource_detection]
exporters: [otlphttp/production, otlphttp/backup]
# System logs → Production only
logs/system:
receivers: [filelog/system]
processors: [batch, resource_detection]
exporters: [otlphttp/production]
# Security logs → Production + Staging (audit trail)
logs/security:
receivers: [filelog/security]
processors: [batch, resource_detection]
exporters: [otlphttp/production, otlphttp/staging]
# Aggregated logs → All backends (mirroring)
logs/mirror:
receivers: [filelog/app, filelog/system, filelog/security]
processors: [batch, resource_detection]
exporters: [otlphttp/production, otlphttp/backup, otlphttp/staging]