dstore-dist-eventforwarder
Command Arguments¶
dstore-dist-eventforwarder [-config file] [-debug] [-addr address:port] [-nconcur num] [-es-addr url] [-es-user user] [-es-pass password] [-es-cloud-id cloud-id] [-es-api-key api-key] [-es-index index-name]
Description¶
dstore-dist-eventforwarder receives events from dstore-dist, converts them to a JSON format that is suitable for ingestion
by external services such as elasticsearch, and forwards the events on to those services.
The initial version only supports forwarding the events to Elasticsearch, although future versions may support
forwarding to other services, such as a generic HTTP Webhook endpoint.
dstore-dist-eventforwarder differs from dstore-dist in that it both simplifies the event data (removing many of the low-level fields,
and any response data), while simultaneously enriching it by attempting to categorize events based on the tags present in those events.
The dstore-dist-eventforwarder is only suitable for forwarding events filtered by PowerDNS Platform Filter, which can be achieved
by for example using the has_tags and is_response filters in dstore-dist.
Flags¶
| Flag | Argument | Description |
|---|---|---|
| -config | <file> |
Load configuration from <file> |
| -debug | Generate debug logging | |
| -addr | <ip:port> |
Elasticsearch/Opensearch server address |
| -es-api-key | <api-key> |
Elastic/Opensearch API key |
| -es-cloud-id | <cloud-id> |
Elastic/Opensearch cloud id |
| -es-index | <index-name> |
Elastic/Opensearch index name |
| -es-user | <username> |
Elastic/Opensearch username |
| -es-pass | <password> |
Elastic/Opensearch password |
| -es-addr | <url> |
Elastic/Opensearch URL to connect to |
| -nconcur | <num> |
Number of concurrent senders, a value <= 0 means default (default 16) |
| -help | Display a helpful message and exit |
Files¶
/etc/pdns-dstore-dist/dstore-dist-eventforwarder.yml: Default location of the config file
Configuration¶
See Configuration of dstore-dist-eventforwarder for details of the configuration file format.