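# Installs the Fluentd (fluent-package) Windows service on an EC2 instance and
# configures it to ship the System, Application and Security event logs to S3.
#
# Flow: check the OS version, read the EC2 instance ID from the instance
# metadata service, install the MSI if the fluentdwinsvc service is absent,
# write fluentd.conf, lock down the install directory ACL, restart the service.
# Exit code: 0 on success (or when the service is already running), 1 on failure.

# Detect Windows Server Version
# NOTE(review): "10.*" matches every NT 10.0 build, so this check alone does not
# distinguish Server 2019/2022 from other 10.0 releases - confirm whether a
# build-number or product-type check is wanted.
$OSVersion = (Get-CimInstance Win32_OperatingSystem).Version
if ($OSVersion -like "10.*") {
    $OSType = "WindowsServer2019or2022"
} else {
    Write-Host "Unsupported Windows Server version. This script is intended for Windows Server 2019 and 2022. Exiting."
    exit 1
}

# Retrieve Instance ID using IMDSv2 (with fallback to IMDSv1)
# The token request is the session-oriented (IMDSv2) path. The unauthenticated
# IMDSv1 request below only succeeds when the instance's metadata options still
# allow it; instances that require tokens will fail at the fallback, which is
# the safer configuration.
$Token = $null
try {
    $Token = Invoke-RestMethod -Uri "http://169.254.169.254/latest/api/token" -Method PUT -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -ErrorAction Stop
    Write-Host "Successfully retrieved IMDSv2 token."
} catch {
    Write-Warning "Failed to retrieve IMDSv2 token. Falling back to IMDSv1."
}

if ($Token) {
    try {
        $InstanceID = Invoke-RestMethod -Uri "http://169.254.169.254/latest/meta-data/instance-id" -Headers @{"X-aws-ec2-metadata-token" = $Token} -ErrorAction Stop
    } catch {
        Write-Error "Unable to retrieve instance ID using IMDSv2. Verify metadata service settings."
        exit 1
    }
} else {
    try {
        $InstanceID = Invoke-RestMethod -Uri "http://169.254.169.254/latest/meta-data/instance-id" -ErrorAction Stop
    } catch {
        Write-Error "Unable to retrieve instance ID using IMDSv1. Exiting."
        exit 1
    }
}

if (-not $InstanceID) {
    Write-Error "Failed to retrieve instance ID. Exiting."
    exit 1
}
Write-Host "Successfully retrieved instance ID: $InstanceID"

# Check if Fluentd service is already installed and running
# Note: both branches below exit before the configuration step, so an existing
# installation keeps whatever fluentd.conf it already has.
$FluentdService = Get-Service -Name fluentdwinsvc -ErrorAction SilentlyContinue
if ($FluentdService) {
    if ($FluentdService.Status -eq "Running") {
        Write-Host "Fluentd service is already installed and running. Skipping installation."
        exit 0
    } else {
        Write-Host "Fluentd service is installed but not running. Starting the service..."
        Start-Service -Name fluentdwinsvc
        $ServiceStatus = Get-Service -Name fluentdwinsvc
        Write-Host "Fluentd service status: $($ServiceStatus.Status)"
        if ($ServiceStatus.Status -eq "Running") {
            Write-Host "Fluentd is now running successfully. Exiting script."
            exit 0
        } else {
            Write-Error "Failed to start Fluentd service. Exiting."
            exit 1
        }
    }
}

# Install Fluentd
$FluentdInstallerURL = "https://s3.amazonaws.com/packages.treasuredata.com/lts/5/windows/fluent-package-5.0.5-x64.msi"
$InstallerPath = "$env:TEMP\fluent-package-5.0.5-x64.msi"
# PLACEHOLDER: set this to the SHA-256 published for this exact MSI. While it is
# empty the download is installed unverified and a warning is printed.
$ExpectedInstallerSha256 = ""

Write-Host "Downloading Fluentd installer..."
Invoke-WebRequest -Uri $FluentdInstallerURL -OutFile $InstallerPath -ErrorAction Stop

# The MSI is executed with elevated rights, so pin its content before running it.
if ($ExpectedInstallerSha256) {
    $ActualInstallerSha256 = (Get-FileHash -Path $InstallerPath -Algorithm SHA256).Hash
    if ($ActualInstallerSha256 -ne $ExpectedInstallerSha256) {
        Remove-Item -Path $InstallerPath -Force -ErrorAction SilentlyContinue
        Write-Error "Fluentd installer SHA-256 mismatch (got $ActualInstallerSha256). Exiting."
        exit 1
    }
} else {
    Write-Warning "No expected SHA-256 is configured for the Fluentd installer; its integrity was not verified."
}

Write-Host "Installing Fluentd..."
$MsiProcess = Start-Process -FilePath "msiexec.exe" -ArgumentList "/i", "`"$InstallerPath`"", "/quiet", "/norestart" -Wait -PassThru
# msiexec: 0 = success, 3010 = success but a restart is required.
if ($MsiProcess.ExitCode -ne 0 -and $MsiProcess.ExitCode -ne 3010) {
    Write-Error "Fluentd installer exited with code $($MsiProcess.ExitCode). Exiting."
    exit 1
}

if (-not (Get-Service -Name fluentdwinsvc -ErrorAction SilentlyContinue)) {
    Write-Error "Fluentd installation failed. Exiting."
    exit 1
}
Write-Host "Fluentd installed successfully."

# Set Fluentd service to automatic start
Write-Host "Setting Fluentd service to start automatically on boot..."
Set-Service -Name fluentdwinsvc -StartupType Automatic

# Start Fluentd Service
Write-Host "Starting Fluentd service..."
Start-Service -Name fluentdwinsvc

# Check Fluentd Service Status
$ServiceStatus = Get-Service -Name fluentdwinsvc
Write-Host "Fluentd service status: $($ServiceStatus.Status)"

# Configure Fluentd
$FluentdConfigPath = "C:\opt\fluent\etc\fluent\fluentd.conf" # Default Fluentd configuration path
# This is an expandable here-string: $InstanceID is substituted when the script
# runs, so the S3 key prefix is fixed per instance.
# NOTE(review): the <source>/<storage>/<match>/<format>/<buffer> section tags
# were missing from the copy of this script under review (they look like markup
# lost in extraction) and are reconstructed here from the directive order. The
# match pattern and the exact nesting are assumptions - verify them against a
# known-good fluentd.conf before deploying.
$FluentdConfigContent = @"
<source>
  @type windows_eventlog
  channels ["System", "Application", "Security"] # Collect System, Application, and Security logs
  read_interval 2 # Fetch logs every 2 seconds
  tag windows.eventlog # Tag for filtering logs
  <storage>
    @type local
    persistent true
    path C:/fluentd/storage/system_winlog.json
    remove_on_idle true
    remove_interval 7200 # Remove logs older than 2 hours (7200 seconds)
  </storage>
</source>

<match windows.eventlog>
  @type s3
  s3_bucket abhi-1221 # Replace with your S3 bucket name
  s3_region ap-south-1 # Replace with your S3 region (e.g., us-east-1)
  path windows/$InstanceID/%Y/%m/%d/ # Use dynamic values from the record to organize logs by instance
  time_slice_format %Y%m%d%H # Log chunk format: year, month, day, hour
  time_slice_wait 2m # Wait before finalizing a log chunk
  localtime true
  buffer_path C:/opt/fluent/buffer/s3 # Buffer directory for Fluentd
  <format>
    @type json # Store logs in JSON format
  </format>
  <buffer>
    @type file # File-based buffer
    path C:/opt/fluent/buffer/s3
    flush_mode interval # Flush logs at intervals
    flush_interval 1m # Flush every 1 minute
    retry_max_times 10 # Retry up to 10 times on failure
    retry_wait 30 # Wait 30 seconds between retries
    chunk_limit_records 1000 # Adjust based on your needs (optional)
    flush_thread_count 2 # Adjust for performance (optional)
    timekey 7200 # Logs will expire after 2 hours (2 * 60 * 60)
  </buffer>
</match>
"@

Write-Host "Updating Fluentd configuration..."
Set-Content -Path $FluentdConfigPath -Value $FluentdConfigContent

# Create Necessary Directories and Set Permissions
$BufferPath = "C:\opt\fluent\buffer\s3"
if (-Not (Test-Path -Path $BufferPath)) {
    New-Item -ItemType Directory -Path $BufferPath
}

Write-Host "Setting permissions for Fluentd directories..."
# This tree holds the service's binaries, its configuration and buffered
# Security-log data. Granting Everyone full control would let any local user
# replace what the service loads or read and alter the buffered events, so
# access is granted only to SYSTEM (S-1-5-18) and the local Administrators group
# (S-1-5-32-544). SIDs are used so the grant works on non-English systems.
# NOTE(review): assumes fluentdwinsvc runs as LocalSystem - if it runs under a
# dedicated account, grant that account instead.
icacls "C:\opt\fluent" /grant "*S-1-5-18:(OI)(CI)F" "*S-1-5-32-544:(OI)(CI)F" /T

# Restart Fluentd Service
Write-Host "Restarting Fluentd service..."
Restart-Service -Name fluentdwinsvc

# Final Status Check
$ServiceStatus = Get-Service -Name fluentdwinsvc
if ($ServiceStatus.Status -eq "Running") {
    Write-Host "Fluentd is running successfully."
} else {
    Write-Error "Fluentd service failed to start. Check the logs for more information."
    # Report the failure to the caller, as every other failure path does.
    exit 1
}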