As probably some of you know there is a blackbox component in the syslog-release which is enabled by default and also enabled in cf-deployment (if you enable the syslog opsfile). The blackbox component tails all logs files under /var/vcap/sys/log/*/* and forwards these logs to the rsyslog daemon. There is also an other rule higher up to exclude all logs tagged "vcap.*".
Blackbox essentially replaces logger.
The problem is that the new logs won't be tagged with vcap.component_name but only with component_name.
Do you have any plans to support this setup? Do you know about operators who are in a similar situation? Currently we have a fork of this repository and had to amend some Logstash filter to not expect "vcap." prefixes.
Hi,
As probably some of you know there is a blackbox component in the syslog-release which is enabled by default and also enabled in cf-deployment (if you enable the syslog opsfile). The blackbox component tails all logs files under
/var/vcap/sys/log/*/*
and forwards these logs to the rsyslog daemon. There is also an other rule higher up to exclude all logs tagged "vcap.*". Blackbox essentially replaceslogger
.The problem is that the new logs won't be tagged with
vcap.component_name
but only withcomponent_name
.Do you have any plans to support this setup? Do you know about operators who are in a similar situation? Currently we have a fork of this repository and had to amend some Logstash filter to not expect "vcap." prefixes.