Dear All,
Could anyone please give a documentation for how to use "BindPlane OpenTelemetry collector" for syslog collection and how to collect metric logs with the collector?
Thanks,
Solved
BindPlane OpenTelemetry collector
+8- Bronze 2
Best answer by mikewilusz
Syslog can mean a couple different things. If you want to open a TCP listener (similar to the SecOps forwarder) you can find details here: https://observiq.com/docs/resources/sources/tcp
If you're interested in "tail"ing a syslog file, you can use a file reader. I have an example on my github here: https://github.com/pilot006/observiq-chronicle-example-config/blob/main/config_nix.yaml
For metrics are you interested in collecting metrics from the host, or rather collecting metrics from Bindplane related to the agent?
-mike
+10Syslog can mean a couple different things. If you want to open a TCP listener (similar to the SecOps forwarder) you can find details here: https://observiq.com/docs/resources/sources/tcp
If you're interested in "tail"ing a syslog file, you can use a file reader. I have an example on my github here: https://github.com/pilot006/observiq-chronicle-example-config/blob/main/config_nix.yaml
For metrics are you interested in collecting metrics from the host, or rather collecting metrics from Bindplane related to the agent?
-mike
+8- Bronze 2
Syslog can mean a couple different things. If you want to open a TCP listener (similar to the SecOps forwarder) you can find details here: https://observiq.com/docs/resources/sources/tcp
If you're interested in "tail"ing a syslog file, you can use a file reader. I have an example on my github here: https://github.com/pilot006/observiq-chronicle-example-config/blob/main/config_nix.yaml
For metrics are you interested in collecting metrics from the host, or rather collecting metrics from Bindplane related to the agent?
-mike
Hi @mikewilusz ,
Thanks for providing these documents. This is helpful.
I want to collect metric logs from the host.
Thanks,
Aravind S
+8- Bronze 2
Hi @mikewilusz ,
Thanks for providing these documents. This is helpful.
I want to collect metric logs from the host.
Thanks,
Aravind S
Dear All,
Could anyone give an update on this?
Hi @mikewilusz ,
Thanks for providing these documents. This is helpful.
I want to collect metric logs from the host.
Thanks,
Aravind S
Hi @mikewilusz ,
Any update on this?
Also could you provide the sample conf file for syslog collection?
Thanks,
Aravind
+2- Bronze 1
Hi All,
Please find the below sample configuration file and useful link;
receivers:
windowseventlog/source0__application:
attributes:
log_type: windows_event.application
channel: application
max_reads: 100
poll_interval: 1s
raw: true
start_at: end
windowseventlog/source0__security:
attributes:
log_type: windows_event.security
channel: security
max_reads: 100
poll_interval: 1s
raw: true
start_at: end
windowseventlog/source0__system:
attributes:
log_type: windows_event.system
channel: system
max_reads: 100
poll_interval: 1s
raw: true
start_at: end
exporters:
chronicleforwarder/forwarder:
export_type: syslog
raw_log_field: body
syslog:
endpoint: ForwarderIP:port
transport: udp or tcp
service:
pipelines:
logs/source0__forwarder-0:
receivers:
- windowseventlog/source0__system
- windowseventlog/source0__application
- windowseventlog/source0__security
exporters:
- chronicleforwarder/forwarder
Solved: BindPlane OpenTelemetry collector - Google Cloud Community
+8- Bronze 2
Hi All,
Please find the below sample configuration file and useful link;
receivers:
windowseventlog/source0__application:
attributes:
log_type: windows_event.application
channel: application
max_reads: 100
poll_interval: 1s
raw: true
start_at: end
windowseventlog/source0__security:
attributes:
log_type: windows_event.security
channel: security
max_reads: 100
poll_interval: 1s
raw: true
start_at: end
windowseventlog/source0__system:
attributes:
log_type: windows_event.system
channel: system
max_reads: 100
poll_interval: 1s
raw: true
start_at: end
exporters:
chronicleforwarder/forwarder:
export_type: syslog
raw_log_field: body
syslog:
endpoint: ForwarderIP:port
transport: udp or tcp
service:
pipelines:
logs/source0__forwarder-0:
receivers:
- windowseventlog/source0__system
- windowseventlog/source0__application
- windowseventlog/source0__security
exporters:
- chronicleforwarder/forwarder
Solved: BindPlane OpenTelemetry collector - Google Cloud Community
Thanks @RanjithHegdeK
+16- Community Manager
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.