Open PettitWesley opened 1 year ago
FYI Systemd_Filter
can take any journald filter! not just _SYSTEMD_UNIT
If you look at the manpage of journalctl
you'll see:
-k, --dmesg
Show only kernel messages. This implies -b and adds the match
"_TRANSPORT=kernel".
Added in version 205.
AKA you can use the following to get dmesg logs:
[INPUT]
Name systemd
Tag host.dmesg.*
Systemd_Filter _TRANSPORT=kernel
I hope this helps solve your problem
Bottlerocket log collection
No host logs on Bottlerocket
UPDATE: please see new workaround from community: https://github.com/aws-samples/amazon-cloudwatch-container-insights/issues/136#issuecomment-2143989603
The Bottlerocket AMIs are meant to be a very stripped down container OS. Consequently, there are fewer log types to collect.
I've reached out the bottlerocket team and they said that all logs should go to journald on Bottlerocket.
On Bottlerocket, the
/aws/containerinsights/Cluster_Name/host
will not be populated because/var/log/dmesg
,/var/log/secure
, and/var/log/messages
files do not exist on bottlerocket.dmesg logs can be obtained with
journalctl -k
orjournalctl --dmesg
:However, Fluent Bit appears to only be able to collect systemd unit journald logs. The docs say that it can filter by systemd unit file only: https://docs.fluentbit.io/manual/pipeline/inputs/systemd
And when I tried an input with no filters, no logs were collected:
Here's the contents of
/var/log
on my node:The logs in
aws-routed-eni
might be interesting to some users and could be collected with a Tail input: https://docs.fluentbit.io/manual/pipeline/inputs/tailNotes:
/var/log
, but its empty. I've reached out the bottlerocket team and they said that all logs should go to journald on Bottlerocket. As noted above, you can usejournalctl
to obtain them.Pod Logs will still be collected
Pod logs can still be collected without any change in experience.
Dataplane logs will still be collected
Kubelet and Containerd logs can still be collected without any change in experience.