Source: fluent, allow sending events to unix socket

[nhlushak]

A note for the community

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Use Cases

We are activelly using Vector as a replacement for FluentD in our ECS Fargate. We successfully utilize logging libraries in our code that are wrapping events via forward protocol and sending them to tcp endpoint in Vector.

But now we are looking towards using Vector sidecar as ECS Firelens container to receive console logs from main containers via fluent logging driver. Unfortunately, sending logs to Firelens container is available only via Unix socket which Vector is currently is not able to do.

Attempted Solutions

We tried using socket source but this is not the case, since data sent in Fluent format.

Current workaround we achieved is to use splunk logging driver and splunk hec source. That is working, but we lack some addtitional info that ECS provides for log events sent through Firelens.

Proposal

Extend fluent source so it could receive data not only through adress (e.g. localhost:24224) but also via UNIX socket (e.g. /var/run/fluent.sock).

References

No response

Version

0.28.2

[zamazan4ik]

We tried using socket source but this is not the case, since data sent in Fluent format.

Hmmm. These words sound like we need to implement fluent codec... With that, using socket source with fluent codec should be ok.

[nhlushak]

@zamazan4ik This might be a solution, indeed.

[mrzor]

socat could help bridging a unix socket to Vector while you wait for a proper fix.