We have defined server classes on our deployment server for tiered APP server roles based on machine prefix and works great. This is a way for us to define monitoring collection and run custom PowerShell scripts against a defined set of machines. We will soon be using a different server deployment process, installing the same APP server roles, but without the previous naming convention. At machine deployment time, we install a universal forwarder and could pass variables to the local inputs.conf.
Is there a way to configure a forwarder to specify it’s a member of a predefined server class?
PS: We looked at using _meta = foo:foo1 and doesn’t appear to do what we want because its search-time.
I believe you can define
clientName in the
deploymentclient.conf that can be the same across your forwarders. Then you would just add that to your whitelist in the
serverclass.conf stanza you want and any forwarder you configure using that clientName would get the configs in the stanza with it as a whitelist.
#deploymentClient.conf [deployment-client] disabled = false clientName = myAwesomeClient
#serverclass.conf [serverClass:Some-stanza] whitelist.0 = myAwesomeClient whitelist.1 = 192.168.1.1 [serverClass:Some-stanza:app:myAwesomeApp1] [serverClass:Some-stanza:app:myAwesomeApp2]
Bingo. And if I ever get my act together, I'll write up a full walk through of this approach using naming conventions in the clientname to facilitate a salable DS model just as @stath002 described.
I'm not sure if this question is phrased properly. We whitelist machines based on host prefix name. Without using a naming convention to allow/deny a host and apply correct monitoring, is there a different way to use our server classes by configuring something on the forwarder instead? Make sense?