kelseyhightower / journal-2-logentries

Ship systemd journal entries to logentries.com

Add loggly adapter #1

Open rosskukulinski opened 9 years ago

rosskukulinski commented 9 years ago

I'd like to take a crack at adding a loggly adapter.

randomvariable commented 9 years ago

Alternatively, what's the license for this project? Can it be forked to include the Loggly adapter?

jaroslavl1 commented 9 years ago

When I evaluated Loggly, I used this snippet in CoreOS with systemd:

[Unit]
Description=Loggly Forwarder

[Service]
Restart=always
RestartSec=10s

# Every date(1) format specifier is written with a doubled percent sign,
# because systemd expands single-percent specifiers in unit files.
ExecStartPre=/bin/sh -c \
             "if [ -n \"$(etcdctl get /loggly.com/`hostname`/lastlog)\" ]; then  \
                echo \"Last log date: $(etcdctl get /loggly.com/`hostname`/lastlog)\"; \
              else \
                etcdctl set /loggly.com/`hostname`/lastlog \"`date +\"%%Y-%%m-%%d %%H:%%M:%%S\"`\"; true; \
              fi"
ExecStart=/bin/sh -c "journalctl --since \"$(etcdctl get /loggly.com/`hostname`/lastlog)\" -o short -f | awk '{ print \"\<34\>1\", $0; fflush(); }' | awk '{ print $0, \"[YOURKEYHERE@41058 tag='deis']\" }' | ncat --ssl logs-01.loggly.com 6514"
ExecStopPost=/bin/sh -c "export D=\"`date +\"%%Y-%%m-%%d %%H:%%M:%%S\"`\"; \
                         /bin/etcdctl set /loggly.com/$(hostname)/lastlog \"$D\""

[Install]
WantedBy=multi-user.target

[X-Fleet]
Global=true

In non-CoreOS Linux you would have to replace the etcd call and store the date time somewhere else (file).
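
A file-backed version of the `lastlog` checkpoint mentioned in the comment above, as an added example that is not part of the original comment or of this project. The `STATE_FILE` path and the function names are assumptions; the timestamp is validated before use because it ends up as the argument to `journalctl --since`, and it is written atomically so a crash cannot leave a half-written checkpoint.

```shell
#!/bin/sh
# Added example: file-backed replacement for the etcd "lastlog" key.
# STATE_FILE is an assumed path, not one taken from the original comment.
STATE_FILE="${STATE_FILE:-/var/lib/loggly-forwarder/lastlog}"

now_stamp() { date +"%Y-%m-%d %H:%M:%S"; }

# Accept only "YYYY-MM-DD HH:MM:SS". A case pattern matches the whole
# string, so trailing text or embedded newlines are rejected.
valid_stamp() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Write the checkpoint via a temp file in the same directory plus rename,
# so readers never see a partial value. mktemp creates the file mode 0600.
write_checkpoint() {
    valid_stamp "$1" || return 1
    dir=$(dirname "$STATE_FILE")
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/lastlog.XXXXXX") || return 1
    printf '%s\n' "$1" > "$tmp" && mv -f "$tmp" "$STATE_FILE"
}

# Print the stored checkpoint. If the file is missing or its content is not
# a well-formed timestamp, start from "now" and persist that instead.
read_checkpoint() {
    stamp=""
    if [ -r "$STATE_FILE" ]; then
        stamp=$(head -n 1 "$STATE_FILE")
    fi
    if ! valid_stamp "$stamp"; then
        stamp=$(now_stamp)
        write_checkpoint "$stamp" || return 1
    fi
    printf '%s\n' "$stamp"
}

# Forward only when invoked as "<script> run". The pipeline reuses the
# framing, placeholder key and destination from the unit file above.
if [ "${1:-}" = "run" ]; then
    since=$(read_checkpoint) || exit 1
    trap 'exit 0' INT TERM
    trap 'write_checkpoint "$(now_stamp)"' EXIT
    journalctl --since "$since" -o short -f |
        awk '{ print "<34>1", $0, "[YOURKEYHERE@41058 tag=deis]"; fflush(); }' |
        ncat --ssl logs-01.loggly.com 6514
fi
```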

randomvariable commented 9 years ago

Hi.

I ended up writing this: https://github.com/randomvariable/journald-forwarder

Tries to export as much structured data to Loggly as possible.

josh-padnick commented 9 years ago

Just a heads-up that journald actually has a 2,048 character limit by default (https://bugs.freedesktop.org/show_bug.cgi?id=86465). Even when you output logs in JSON, entries that span more than 2048 characters will be auto-truncated.

For this reason, we ultimately wound up installing fluentd as a container, mounting the docker logs volume in read-only mode, and writing a custom fluentd plugin (which we hope to publish at some point) to add the appropriate metadata to the docker logs.