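# Ships the Linux audit log to the OMS API output.
#
# NOTE(review): the <source>/<filter>/<match> directive tags were missing from
# this copy (most likely stripped as markup) and are restored here so that the
# file parses. The match/filter pattern is reconstructed from the tag set in
# <source>; confirm it against the deployed file.

<source>
  # sudo_tail: presumably reads the file through sudo because audit.log is
  # normally readable by root only. Verify that the agent account's sudoers
  # entry is limited to what this input needs.
  type sudo_tail
  path /var/log/audit/audit.log
  # Read offset is persisted here; if this file is lost, the log is read again
  # from the start (read_from_head true) and events are re-sent.
  pos_file /var/opt/microsoft/omsagent/state/var_log_audit_audit_log.pos
  read_from_head true
  run_interval 5s
  format parser_auditlog
  tag oms.api.LinuxAuditLog.Timestamp
</source>

# use grep plugin to filter the output
# http://docs.fluentd.org/articles/filter_grep
# NOTE(review): a grep filter drops records before they leave the host; keep
# the record types that detection and investigation rely on.
#
#<filter oms.api.LinuxAuditLog.**>
#  type grep
#</filter>

<match oms.api.LinuxAuditLog.**>
  type out_oms_api
  log_level info
  run_in_background false

  # File buffer: queued chunks survive an agent restart. The chunks hold raw
  # audit records, so the state directory should be readable by the agent
  # account only.
  buffer_chunk_limit 5m
  buffer_type file
  buffer_path /var/opt/microsoft/omsagent/state/var_log_audit_audit_log*.buffer
  # 10 chunks x 5m = at most about 50 MB queued; once the queue is full, new
  # events cannot be buffered.
  buffer_queue_limit 10
  flush_interval 20s
  # Assuming fluentd's default doubling backoff, 6 retries starting at 30s
  # cover roughly half an hour. A chunk that still fails after that is
  # discarded, so a longer upload outage leaves a gap in the shipped audit
  # trail; alert on the agent's retry/discard log messages.
  retry_limit 6
  retry_wait 30s
  max_retry_wait 30m
  compress true
</match>

# Debug only: enabling this writes audit records to the agent's own output.
#<match oms.api.LinuxAuditLog.**>
#  type stdout
#</match>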