cityindex-attic / logsearch

[unmaintained] A development environment for ELK
Apache License 2.0

Ship in data from Cloud Foundry loggregator #224

Closed mrdavidlaing closed 9 years ago

mrdavidlaing commented 11 years ago

It would be really useful to be able to stream all the logs from applications hosted on Cloud Foundry into a logsearch cluster.

Looks like CF will ship your app logs using syslog, as described in the mailing list post shown below.

https://groups.google.com/a/cloudfoundry.org/forum/#!topic/vcap-dev/lVLLvnmXG_g :

The easiest way to do this is to have loggregator publish logs to your syslog endpoint. To do this you create a user-provided service and bind that to your app.

gcf create-user-provided-service my-drain-service -l syslog://example.com

gcf bind-service my-app-name my-drain-service

Here is the draft documentation in the story for creating the doc entry for loggregator:

Syslog drains

Cloud Foundry Loggregator syslog drains allow you to forward your Cloud Foundry application logs to an external syslog server for analysis and long-term archiving. You must configure the service or your server to be able to receive syslog packets from Cloud Foundry Loggregator, and then add its syslog URL (which contains the host and port) as a syslog drain.

Drain log messages are formatted according to RFC5424. They are delivered over TCP as described in RFC6587, using the octet counting framing method.
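
Added example, not part of the original issue or the quoted Cloud Foundry documentation: a receiver-side decoder for the RFC 6587 octet-counting framing and RFC 5424 header described above, which copes with frames split across TCP reads and rejects malformed or oversized length prefixes. The class and function names, the MAX_FRAME cap and the sample messages are assumptions made for illustration.

```python
import re

MAX_FRAME = 64 * 1024  # assumed cap (not from the page): bounds memory per connection

# RFC 5424 header fields up to MSGID; the remainder is STRUCTURED-DATA and MSG.
HEADER = re.compile(rb"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.DOTALL)

class FramingError(ValueError):
    """The stream is not valid octet-counted syslog; the connection should be dropped."""

class OctetCountingDecoder:
    """Incremental decoder for RFC 6587 octet counting: MSG-LEN SP SYSLOG-MSG."""
    def __init__(self):
        self.buf = bytearray()

    def feed(self, data):
        """Add bytes from one TCP read; return the messages that are now complete."""
        self.buf += data
        done = []
        while True:
            sp = self.buf.find(b" ")
            prefix = bytes(self.buf if sp == -1 else self.buf[:sp])
            if sp == -1 and not prefix:
                return done
            # MSG-LEN is a non-zero digit followed by digits; anything else is corrupt.
            if len(prefix) > 10 or not prefix.isdigit() or prefix.startswith(b"0") or int(prefix) > MAX_FRAME:
                raise FramingError("bad or oversized MSG-LEN: %r" % prefix[:16])
            end = sp + 1 + int(prefix)
            if sp == -1 or len(self.buf) < end:
                return done  # frame still incomplete; wait for the next read
            done.append(bytes(self.buf[sp + 1:end]))
            del self.buf[:end]

def parse_header(msg):
    """Split one RFC 5424 message into header fields; PRI = facility * 8 + severity."""
    m = HEADER.fullmatch(msg)
    if not m or int(m.group(1)) > 191:
        raise FramingError("not an RFC 5424 message")
    pri = int(m.group(1))
    keys = ("timestamp", "hostname", "app_name", "procid", "msgid", "rest")
    fields = dict(zip(keys, (g.decode("utf-8", "replace") for g in m.groups()[2:])))
    fields.update(facility=pri >> 3, severity=pri & 7, version=int(m.group(2)))
    return fields

# Constructed sample messages (not captured from Cloud Foundry); the second contains a newline.
SAMPLE = [b"<14>1 2014-01-01T00:00:00Z host.example my-app-name 1234 - - started",
          b"<11>1 2014-01-01T00:00:01Z host.example my-app-name 1234 - - Traceback:\n  boom"]
STREAM = b"".join(b"%d %s" % (len(m), m) for m in SAMPLE)
```

Because the length prefix delimits each message, the embedded newline in the second sample survives intact, which newline-delimited syslog framing would split into two events.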

mrdavidlaing commented 11 years ago

Questions around origin & security asked of the CF dev mailing list - https://groups.google.com/a/cloudfoundry.org/d/msg/vcap-dev/3hXUl4szWI8/9YDFx0FWTGkJ

I have a couple of questions I'd like to ask concerning the origin and "security" of the loggregator syslog drain.

Specifically:

  • For the purposes of opening firewall ports, where does a CF cluster's loggregator syslog drain originate? Is it a fixed IP / cluster? What is it for run.pivotal.io?
  • Is the syslog data flow encrypted? If so how?

sopel commented 9 years ago

Closed as Won't Fix due to project being retired to the CityIndex Attic.