Add a collector for journald collection

[jimmycuadra]

If you want to send journald logs to Sumo, there is currently this method, but it would be great to have a collector image that understood journald directly without having to use that forwarding service.

[duchatran]

@jimmycuadra : I think our new docker native sources support journald logs automatically. Can you check? These log sources are available with the appcollector image (https://hub.docker.com/r/sumologic/appcollector/)

[jimmycuadra]

I don't see a way to tell. There's nothing about it in the documentation. What's the difference between sumologic/collector and sumologic/appcollector? I was hoping for a way to configure this without giving the collector container direct access to the Docker socket.

[duchatran]

sumologic/collector:latest actually wont' run out of the box - you need to pick one of the other tags that predefined a Sumo source for the embedded Sumo collector (e.g sumologic/collector:latest-file, or sumologic/collector:latest-syslog). See here for the full list: https://hub.docker.com/r/sumologic/collector/tags/ sumologic/appcollector is a container image with 2 built-in native sources: one to collect all containers stats, one to collect all containers logs and events. This image is built out of this Dockerfile: https://github.com/SumoLogic/sumologic-collector-docker/tree/master/docker-sources Note that events and stats data are used by the SumoLogic Docker app - if you use that app. Also the embedded Sumo collector for this image uses the Docker Remote API to pull these data so it needs access to the Docker socket. Since the "logs" endpoint works with json-file and journald logging drivers according to Docker documentation, your journald logs should be picked up by these 2 sources.

[jimmycuadra]

Thanks for the explanation. I believe this will work for me!