bcgov / ocp-sso

BCGov Single Sign-On KeyCloak
http://oidc.gov.bc.ca/
Apache License 2.0

update the Dockerfile in our keycloak to add nxlog. #463

Closed nvunnamm closed 3 years ago

nvunnamm commented 3 years ago

@ConradBoydElliottGustafson

' You are looking to collect 4 distinct log types:

1. Openshift platform logs – These logs are being sent by Nick’s team and only contain information about infrastructure changes, i.e. actions against a container, not within a container.
2. Application Logs – This is activity that occurs inside a container. These logs are not being sent today and the onus is on the container owner to ship these logs. Currently some of the app logs are being logged by the JBoss middleware to flat files under /var/log/???
3. Keycloak application logs – logging to a Postgres table. This is nasty (please inform the vendor that it is 2021 and there are better ways…😊).
4. Postgres Audit logs – This is not OOB behaviour – I am not a pgsql expert, but last time I did this, there were 3 options:
   i. Exhaustive logging (log_statement = all) – not great as log volumes explode
   ii. Custom triggers – ugly and hard to maintain
   iii. pgaudit extension – IMHO the best all round soln (https://github.com/pgaudit/pgaudit)

We are already receiving (1 – Openshift platform logs) through Nick’s team.

For (2 – Application Logs) – the source is a JBoss middleware managed app. Your options are:

1. Add a JBoss logging stanza to forward the logs directly to a syslog endpoint as well as the existing local log files
2. Use RSyslog to tail the existing local log files and forward the logs via an already running RSyslogd instance in the container
3. Use ‘NXLog Community Edition’ (functionally equivalent to (2) but with a different tool; see below for why I have included this option).

For (3 – Keycloak logs stored in a postgres table) your options are:

1. Write a script that periodically dumps any new log lines (table rows) to a local file and then use RSyslogd or NXlog to ship the logs (in the same manner as (1) above)
2. Write a DB trigger/procedure that periodically dumps any new log lines (table rows) to a local file and then use RSyslogd or NXlog to ship the logs (in the same manner as (1) above)
3. Use NXLog to directly query the table and forward the logs.
4. Beat the vendor with a large stick until they fix their soln.

For (4 – Postgres Audit Logs) – once the logs are generated to a local file, your options are:

1. Use RSyslog to tail the existing local log files and forward the logs via an already running RSyslogd instance in the container
2. The ‘NXLog Community Edition’ (functionally equivalent to (2) but with a different tool; see below for why I have included this option).

The simplest soln is to use NXlog as this will pull existing logs from both local files and DB tables. If you can get the keycloak logs out of the DB tables (not difficult, just work) and into a flat file, you only require RSyslogd or NXLog. It looks like the latest version of NXLog Community Edition allows us to pull from DB tables using DBI.

Some info:

- NXLog OS support for RHEL: https://nxlog.co/documentation/nxlog-user-guide/deploy-rhel.html
- NXLog Community Edition vs Enterprise Edition Comparison: https://nxlog.co/documentation/nxlog-user-guide/about-nxlog.html#feature_comparison
- NXLog ODBC DB table reader (Enterprise Edition only): https://nxlog.co/documentation/nxlog-user-guide/im_odbc.html
- NXLog DBI DB table reader (Community Edition only): https://nxlog.co/documentation/nxlog-user-guide/im_dbi.html
- NXLog Docs: https://nxlog.co/documentation

Example NXLog config to ‘tail’ a local file and send the logs to one of our relays:

```
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

define ROOT /nxlog

Moduledir /usr/local/libexec/nxlog/modules
CacheDir %ROOT%/data
Pidfile %ROOT%/data/nxlog.pid
SpoolDir %ROOT%/data
LogFile %ROOT%/data/nxlog.log

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension json>
    Module      xm_json
</Extension>

# Tail the local log files and wrap each line in a JSON record.
<Input in>
    Module          im_file
    File            '/var/log/mylogs/*.log'
    # Remember the read position across restarts
    SavePos         TRUE
    # With no saved position, start at the end of each file
    ReadFromLast    TRUE
    # Check for new data every 5 seconds
    PollInterval    5
    Exec            $Message = $raw_event;
    Exec            to_json();
</Input>

# Forward each event to the relay over plain TCP (no TLS).
<Output out>
    Module      om_tcp
    Host        142.34.148.178
    Port        1514
</Output>

<Route 1>
    Path        in => out
</Route>
```

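
The first option listed for the Keycloak event table (a script that periodically dumps new table rows to a local file for RSyslogd or NXLog to tail), as an added example; it is not part of this issue or of the ocp-sso repository. Assumptions: the table and column names are modelled on Keycloak's `EVENT_ENTITY` table, the file names are hypothetical, and `sqlite3` stands in for the Postgres connection so the constructed sample rows run offline.

```python
import json
import sqlite3
import tempfile
from pathlib import Path

# Assumed columns, modelled on Keycloak's EVENT_ENTITY table; adjust to your schema.
COLUMNS = ("id", "event_time", "type", "realm_id", "user_id", "ip_address", "error")


def load_cursor(state_file):
    """Return (event_time, id) of the last exported row, or a start-of-time cursor."""
    try:
        state = json.loads(Path(state_file).read_text())
        return state["event_time"], state["id"]
    except (FileNotFoundError, ValueError, KeyError):
        return -1, ""


def export_new_events(conn, out_file, state_file, batch=1000):
    """Append rows past the saved cursor to out_file as JSON lines; return the count."""
    last_time, last_id = load_cursor(state_file)
    sql = (f"SELECT {', '.join(COLUMNS)} FROM event_entity WHERE event_time > ? "
           "OR (event_time = ? AND id > ?) ORDER BY event_time, id LIMIT ?")
    rows = conn.execute(sql, (last_time, last_time, last_id, batch)).fetchall()
    if not rows:
        return 0
    with open(out_file, "a", encoding="utf-8") as out:
        for row in rows:
            # json.dumps escapes newlines, so one event is always exactly one line.
            out.write(json.dumps(dict(zip(COLUMNS, row))) + "\n")
    # Save the cursor only after the write: a crash in between duplicates rows, never drops them.
    tmp = Path(f"{state_file}.tmp")
    tmp.write_text(json.dumps({"event_time": rows[-1][1], "id": rows[-1][0]}))
    tmp.replace(state_file)
    return len(rows)


def demo():
    """Constructed sample rows: two share a timestamp, one arrives after the first run."""
    work = Path(tempfile.mkdtemp())
    out_file, state_file = work / "keycloak-events.log", work / "cursor.json"
    conn = sqlite3.connect(":memory:")  # stand-in for the Postgres connection
    conn.execute(f"CREATE TABLE event_entity ({', '.join(COLUMNS)})")
    insert = "INSERT INTO event_entity VALUES (?,?,?,?,?,?,?)"
    conn.execute(insert, ("a1", 1000, "LOGIN", "demo", "u1", "192.0.2.10", None))
    conn.execute(insert, ("a2", 1000, "LOGIN_ERROR", "demo", None, "192.0.2.11", "bad\nuser"))
    first = export_new_events(conn, out_file, state_file, batch=1)  # stops mid-timestamp
    conn.execute(insert, ("a3", 1001, "LOGOUT", "demo", "u1", "192.0.2.10", None))
    later = [export_new_events(conn, out_file, state_file) for _ in range(2)]
    return first, later, out_file.read_text().splitlines()
```

Writing the output under a path matched by the `im_file` glob in the config above lets the same shipper forward these lines. Against Postgres the placeholders follow the driver's style (`%s` for psycopg2), and a row committed late with an `event_time` older than the cursor is skipped.
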
zsamji commented 3 years ago

@nvunnamm @ConradBoydElliottGustafson is this done?

nvunnamm commented 3 years ago

@zsamji We are working on fluent bit side-car instead of nxlogs now

ConradBoydElliottGustafson commented 3 years ago

This is abandoned. We are going in a completely different direction (Fluent Bit sidecar).