# it is a sample to save process information as audit log into AWS S3 which filename isolated by hostname.

# this guide using following plugins.
# * fluent-plugin-watch-process
# * fluent-plugin-s3

<source>
  type watch_process

  # use ${hostname} placeholder to use filename
  tag          batch_process.${hostname}

  # filter specific user owned process. if no need to filter, delete this line.
  lookup_user  batchuser

  # ps command execute interval time
  interval     1s
</source>

<match batch_process.*>
  type s3

  aws_key_id YOUR_AWS_KEY_ID
  aws_sec_key YOUR_AWS_SECRET/KEY
  s3_bucket YOUR_S3_BUCKET_NAME
  s3_endpoint s3-ap-northeast-1.amazonaws.com
  s3_object_key_format %{path}%{time_slice}_%{index}.%{file_extension}
  path barch_process_logs/
  buffer_path /var/log/fluent/s3_batch_process

  time_slice_format %Y%m%d-%H
  time_slice_wait 10m
  utc
</match>