Update the Dockerfile in our Keycloak to add nxlog to be available in our image.
Test the configurations and image in our sandbox env.
@ConradBoydElliottGustafson
You are looking to collect 4 distinct log types:
1. Openshift platform logs – These logs are being sent by Nick’s team and only contain information about infrastructure changes i.e. actions against a container, not within a container.
2. Application Logs – This is activity that occurs inside a container. These logs are not being sent today and the onus is on the container owner to ship these logs.
   Currently some of the app logs are being logged by the JBoss middleware to flat files under /var/log/???
3. Keycloak application logs – logging to a Postgres table
   This is nasty, (please inform the vendor that it is 2021 and there are better ways…😊 )
4. Postgres Audit logs
   This is not OOB behaviour – I am not a pgsql expert, but last time I did this, there were 3 options:
   i. Exhaustive logging (log_statement = all) – not great as log volumes explode
   ii. Custom triggers – ugly and hard to maintain
   iii. pgaudit extension – IMHO the best all round soln (https://github.com/pgaudit/pgaudit)
We are already receiving (1 – Openshift platform logs) through Nick’s team.
For (2 – Application Logs) – the source is a JBoss middleware managed app. Your options are:
1. Add a JBoss logging stanza to forward the logs directly to a syslog endpoint as well as the existing local log files
2. Use RSyslog to tail the existing local log files and forward the logs via an already running RSyslogd instance in the container
3. Use ‘NXLog Community Edition’ (functionally equivalent to (2) but with a different tool) (see below for why I have included this option).
For (3 – Keycloak logs stored in a postgres table) your options are:
1. Write a script that periodically dumps any new log lines (table rows) to a local file and then use RSyslogd or NXlog to ship the logs (in the same manner as (1) above)
2. Write a DB trigger/procedure that periodically dumps any new log lines (table rows) to a local file and then use RSyslogd or NXlog to ship the logs (in the same manner as (1) above)
3. Use NXLog to directly query the table and forward the logs.
4. Beat the vendor with a large stick until they fix their soln.
For (4 – Postgres Audit Logs) – once the logs are generated to a local file, your options are:
1. Use RSyslog to tail the existing local log files and forward the logs via an already running RSyslogd instance in the container
2. The ‘NXLog Community Edition’ (functionally equivalent to (2) but with a different tool) (see below for why I have included this option).
The simplest soln is to use NXlog as this will pull existing logs from both local files and DB tables.
If you can get the keycloak logs out of the DB tables (not difficult, just work) and into a flat file you only require RSyslogd or NXLog. It looks like the latest version of NXLog community edition allows us to pull from DB tables using DBI.
Some info:
NXLog OS support for RHEL: https://nxlog.co/documentation/nxlog-user-guide/deploy-rhel.html
NXLog Community Edition vs Enterprise Edition Comparison: https://nxlog.co/documentation/nxlog-user-guide/about-nxlog.html#feature_comparison
NXLog ODBC DB table reader (Enterprise Edition only): https://nxlog.co/documentation/nxlog-user-guide/im_odbc.html
NXLog DBI DB table reader (Community Edition only): https://nxlog.co/documentation/nxlog-user-guide/im_dbi.html
NXLog Docs: https://nxlog.co/documentation
Example NXLog config to ‘tail’ a local file and send the logs to one of our relays:
Please set the ROOT to the folder your nxlog was installed into,
otherwise it will not start.
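
Added example, not part of the original comment or of Keycloak: a sketch of the first option listed for the Keycloak logs stored in a Postgres table, a script that periodically dumps only new rows to a local file for RSyslogd or NXLog to tail. The table name `event_log` and its columns are hypothetical, and `sqlite3` stands in for Postgres so the block runs offline.

```python
import json
import sqlite3

# Assumed schema: table "event_log" and its columns are hypothetical, not Keycloak's.
# sqlite3 stands in for Postgres so this runs offline (psycopg2 would use %s, not ?).
NEW_ROWS = """
SELECT event_time, id, type, user_id, ip_address FROM event_log
WHERE event_time > ? OR (event_time = ? AND id > ?)
ORDER BY event_time, id
"""
FIELDS = ("event_time", "id", "type", "user_id", "ip_address")

def load_checkpoint(path):
    """Return the (event_time, id) of the last exported row, or a floor value."""
    try:
        with open(path, encoding="utf-8") as fh:
            saved = json.load(fh)
        return saved["event_time"], saved["id"]
    except FileNotFoundError:
        return -1, ""

def export_new_rows(conn, out_path, checkpoint_path):
    """Append rows past the checkpoint to out_path as JSON lines; return how many."""
    last_time, last_id = load_checkpoint(checkpoint_path)
    rows = conn.execute(NEW_ROWS, (last_time, last_time, last_id)).fetchall()
    if not rows:
        return 0
    with open(out_path, "a", encoding="utf-8") as out:
        for row in rows:
            # json.dumps escapes embedded newlines, so one row is always one line
            out.write(json.dumps(dict(zip(FIELDS, row))) + "\n")
    # Advance the checkpoint only after the rows are written
    with open(checkpoint_path, "w", encoding="utf-8") as fh:
        json.dump({"event_time": rows[-1][0], "id": rows[-1][1]}, fh)
    return len(rows)

def make_sample_db():
    """Constructed sample data: two rows share a timestamp, one has a newline in a field."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event_log (id TEXT PRIMARY KEY, event_time INTEGER,"
                 " type TEXT, user_id TEXT, ip_address TEXT)")
    conn.executemany("INSERT INTO event_log VALUES (?, ?, ?, ?, ?)", [
        ("a1", 1700000001, "LOGIN", "alice", "10.0.0.5"),
        ("b2", 1700000001, "LOGIN_ERROR", "bob\nforged", "10.0.0.6"),
        ("c3", 1700000002, "LOGOUT", "alice", "10.0.0.5"),
    ])
    return conn
```

Writing the checkpoint after the rows means a crash between the two steps re-exports rows rather than dropping them, so the receiving side should tolerate duplicates.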