flume-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joey Echeverria <j...@cloudera.com>
Subject Re: Newbie question on using the Syslog agent in Flume
Date Mon, 24 Nov 2014 23:49:46 GMT
The host in your source config should be the hostname that will be
listening for syslog events. It's typically either to listen
on the wildcard interface or the fully qualified hostname/IP address
of the public network interface on the Flume agent.

You then configure the host that will send syslog events to Flume with
the Flume agent's hostname and the port you've configured. Here's an
article that shows how to configure rsyslog and syslog-ng to send to a



On Mon, Nov 24, 2014 at 3:25 PM, David Novogrodsky
<david.novogrodsky@gmail.com> wrote:
> All,
> I am new to the Hadoop Ecosystem.  I have a question about Syslog and the
> Flume agent for Syslog.
> I am working to ingest network data from an agent.  The agent is sending
> data in Syslog format, or is creating data in syslog format.  Here are the
> required parameters for a syslog Flume source:
> a1.sources = r1
> a1.channels = c1
> a1.sources.r1.type = syslogudp
> a1.sources.r1.port = 5140
> a1.sources.r1.host = localhost
> a1.sources.r1.channels = c1
> I asked the developer for the IP address of the syslog source.  I assume
> that the Flume agent sends an agent program to the syslog server, defined by
> a1.source.r1.host.  Is this correct?  Or is the a1.sources.c1.host IP
> address, the address of the machine that is running the Flume instance?
> David Novogrodsky
> david.novogrodsky@gmail.com
> http://www.linkedin.com/in/davidnovogrodsky

Joey Echeverria

View raw message