How can I use the OpenTelemetry Collector (from opentelemetry-collector-contrib) to collect Linux system logs, including details about user logins, and send them to OpenSearch?

[NamanGajjar26]

Hello
I am working with the opentelemetry-collector-contrib project and want to collect Linux system logs, specifically logs related to user logins, and send them to OpenSearch.

System Logs: Logs typically found in /var/log/ directory, such as /var/log/auth.
log or /var/log/secure, depending on the Linux distribution.
Desired Data: I want details about user logins, including successful and failed login attempts.
Output Destination: OpenSearch.

Which components (e.g., receivers, processors, exporters) should I configure in the OpenTelemetry Collector to achieve this? Can you also provide a sample configuration?

[JaredTan95]

pls following https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver and https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/opensearchexporter

[NamanGajjar26]

i want to get linux (ubuntu) syslog get in opensearch using opentelemetry
i try your solution but in my case not working because i cant get syslog in Kubernetes any pods
i try like this below

` filelog:
       include:
         - /var/log/syslog
         - /var/log/auth.log
       exclude:
         - /var/log/*-debug.log   
       operators:
         - type: json_parser          
           timestamp:
             parse_from: attributes.timestamp            
             layout: '%Y-%m-%dT%H:%M:%S.%LZ' 
           severity:
             parse_from: attributes.level          
       start_at: end     `