[QA (Japanese)] Writing Windows event logs to a local file with td-agent #4777
## What I want to do

On a Windows 2012 server, I want to set up td-agent so that Windows event logs are written to a local log file.

## Configuration

##############################################################################
#Windows Eventlog Test2
<source>
@type windows_eventlog2
@id windows_eventlog2
##channels application,system,security,setup
read_all_channels true
preserve_qualifiers_on_hash true
tag winevt2.raw
<storage>
@type local
persistent true
path c:\opt\fluent\winevt2.pos
</storage>
</source>
#Tail one or more log files
<source>
@type tail
<parse>
@type none
</parse>
path c:\opt\fluent\hoge.txt
tag example.service
</source>
#Add hostname and service_name to all events with "example.service" tag
<filter example.service>
@type record_transformer
<record>
service_name ${tag}
hostname "#{Socket.gethostname}"
</record>
</filter>
<filter winevt2.raw>
@type record_transformer
<record>
message ${record["Description"]}
hostname "#{Socket.gethostname}"
logtype ${tag}
</record>
</filter>
#Forward all events to New Relic
<match **>
@type copy
<store>
@type newrelic
license_key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
</store>
<store>
@type file
path c:\Users\XXXXX\Documents\output_20250117_1.log
</store>
</match>
<system>
log_level debug
</system>

## Log output

2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: init supervisor logger path="C:\\opt\\td-agent\\td-agent.log" rotate_age=nil rotate_size=nil
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: parsing config file is succeeded path="C:\\opt\\td-agent\\etc\\td-agent\\td-agent.conf"
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-calyptia-monitoring' version '0.1.3'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-elasticsearch' version '5.3.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-flowcounter-simple' version '0.1.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-kafka' version '0.19.2'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-metrics-cmetrics' version '0.1.2'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-newrelic' version '1.2.3'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-opensearch' version '1.1.3'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-parser-winevt_xml' version '0.2.6'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-prometheus' version '2.1.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-prometheus_pushgateway' version '0.1.1'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-record-modifier' version '2.1.1'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-rewrite-tag-filter' version '2.4.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-s3' version '1.7.2'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-sd-dns' version '0.1.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-td' version '1.2.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-webhdfs' version '1.5.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-windows-eventlog' version '0.9.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-windows-eventlog' version '0.8.3'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluent-plugin-windows-exporter' version '1.0.0'
2025-01-21 16:38:54 +0900 [info]: fluent/log.rb:362:info: gem 'fluentd' version '1.16.3'
2025-01-21 16:38:55 +0900 [debug]: fluent/log.rb:341:debug: adding store type="newrelic"
2025-01-21 16:38:55 +0900 [debug]: fluent/log.rb:341:debug: adding store type="file"
2025-01-21 16:38:55 +0900 [error]: fluent/log.rb:404:error: config error file="C:\\opt\\td-agent\\etc\\td-agent\\td-agent.conf" error_class=Fluent::ConfigError error="out_file: `c:\\Users\\XXXXX\\Documents\\output_20250117_1.log.20250121_**.log` is not writable"
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/plugin/out_file.rb:161:in `configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/plugin.rb:187:in `configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/plugin/multi_output.rb:110:in `block in configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/plugin/multi_output.rb:99:in `each'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/plugin/multi_output.rb:99:in `configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/plugin/out_copy.rb:39:in `configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/plugin.rb:187:in `configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/agent.rb:132:in `add_match'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/agent.rb:74:in `block in configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/agent.rb:64:in `each'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/agent.rb:64:in `configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/root_agent.rb:149:in `configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/engine.rb:105:in `configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/engine.rb:80:in `run_configure'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/supervisor.rb:571:in `run_supervisor'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/lib/fluent/command/fluentd.rb:352:in `<top (required)>'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:83:in `require'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:83:in `require'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/lib/ruby/gems/2.7.0/gems/fluentd-1.16.3/bin/fluentd:15:in `<top (required)>'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/bin/fluentd:23:in `load'
2025-01-21 16:38:55 +0900 [debug]: core_ext/kernel_require.rb:83:require: C:/opt/td-agent/bin/fluentd:23:in `<main>'

## Environment

- TD Agent version: 4.5.3
- Operating system: Windows Server 2012
Replies: 2 comments, 1 reply
@tt001a This is not directly related to your question, but td-agent has reached end of support, so we recommend moving to its successor, fluent-package.
@tt001a
It looks like Fluentd is stopping because it does not have write permission on the output path.
To get straight to the point, the most likely cause is that you are trying to use a path under a specific user's profile.
Instead of a path under a user's profile, please try a path under C:\opt\td-agent\, or create a directory such as C:\fluentd-output\ and use that. If that still does not work, or if there is a reason you cannot do that, feel free to ask.

Some supplementary notes.
The Windows builds of fluent-package and td-agent run Fluentd as a Windows service.
In that case it runs with the privileges of the Local System account, which should have broad rights over the whole system, but there appear to be cases where it still cannot access a specific user's directory.
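The reply above boils down to "the service account, not the logged-in user, must be able to write to the out_file directory". The following PowerShell script is an added example, not code from this discussion or from the fluentd project: it reads the service account of the Fluentd Windows service, pulls every `@type file` output `path` out of td-agent.conf, and reports whether the directory's ACL grants that account write access, warning when the path sits under `C:\Users\` as in the configuration posted above. It assumes the service is registered as `fluentdwinsvc` (the td-agent / fluent-package default service name) and that the config is at the td-agent 4.x default location; both are parameters.

```powershell
<#
  Added example (not code from the discussion or from the fluentd project).
  Checks whether the account the Fluentd Windows service runs as can write to
  the directory of every `@type file` output in td-agent.conf.
  Assumptions: service name 'fluentdwinsvc' and the td-agent 4.x default
  config path; override both with parameters if your install differs.
#>
param(
    [string]$ConfPath    = 'C:\opt\td-agent\etc\td-agent\td-agent.conf',
    [string]$ServiceName = 'fluentdwinsvc'
)

# 1. Identify the service account. A default install runs as LocalSystem,
#    which shows up in ACLs as 'NT AUTHORITY\SYSTEM'.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' is not installed" }
$account = if ($svc.StartName -eq 'LocalSystem') { 'NT AUTHORITY\SYSTEM' } else { $svc.StartName }
# LocalSystem's token also carries the Administrators group, so count that ACE as well.
$identities = @($account)
if ($account -eq 'NT AUTHORITY\SYSTEM') { $identities += 'BUILTIN\Administrators' }
Write-Host "Service '$ServiceName' runs as $account"

# 2. Collect out_file paths: the first `path` line after each `@type file`.
#    A single-pass scan; sufficient for a td-agent.conf like the one posted above.
$paths  = @()
$inFile = $false
foreach ($line in Get-Content -LiteralPath $ConfPath) {
    $t = $line.Trim()
    if ($t -match '^@type\s+file\b')            { $inFile = $true;  continue }
    if ($t -match '^@type\s+')                  { $inFile = $false; continue }
    if ($inFile -and $t -match '^path\s+(.+)$') { $paths += $Matches[1].Trim('"'); $inFile = $false }
}
if (-not $paths) { Write-Warning "No '@type file' output with a path found in $ConfPath"; return }

# 3. For each path, inspect the ACL of the target directory, or of its nearest
#    existing ancestor when the directory itself has not been created yet.
$writeBit = [System.Security.AccessControl.FileSystemRights]::WriteData
foreach ($p in $paths) {
    Write-Host "`nout_file path: $p"
    $dir = Split-Path -Parent $p
    if ($dir -like "$env:SystemDrive\Users\*") {
        Write-Warning "  '$dir' is inside a user profile; prefer a service-owned directory such as C:\fluentd-output"
    }
    $probe = $dir
    while ($probe -and -not (Test-Path -LiteralPath $probe -PathType Container)) {
        $probe = Split-Path -Parent $probe
    }
    if ($probe -ne $dir) { Write-Warning "  '$dir' does not exist yet; checking nearest existing ancestor '$probe'" }

    $acl   = Get-Acl -LiteralPath $probe
    $allow = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $identities -contains $_.IdentityReference.Value -and
        (([int]$_.FileSystemRights) -band [int]$writeBit) -ne 0
    }
    $deny  = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $identities -contains $_.IdentityReference.Value
    }
    if ($deny)      { Write-Warning "  explicit Deny ACE for $($deny.IdentityReference.Value -join ', ') on '$probe'" }
    elseif ($allow) { Write-Host    "  OK: $($allow.IdentityReference.Value -join ', ') may write to '$probe'" }
    else            { Write-Warning "  no ACE grants write access to $account on '$probe'" }
}
```

Run it from an elevated PowerShell session on the server. The ACL check is an approximation: it only looks at ACEs for the service account itself (plus Administrators for LocalSystem) and does not resolve other group memberships, so a clean result is strong evidence but not proof. The definitive test is to run `fluentd --dry-run -c <conf>` under the service account itself, for example via a scheduled task that runs as SYSTEM, and confirm that the `out_file: ... is not writable` config error no longer appears.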