Open rosskukulinski opened 9 years ago
Alternatively, what's the license for this project? Can it be forked to include the Loggly adapter?
When I evalulated loggly, I used this snippet in CoreOS with systemd:
[Unit]
Description=Loggly Forwarder
[Service]
Restart=always
RestartSec=10s
ExecStartPre=/bin/sh -c \
"if [ -n \"$(etcdctl get /loggly.com/`hostname`/lastlog)\" ]; then \
echo \"Last log date: $(etcdctl get /loggly.com/`hostname`/lastlog)\"; \
else \
etcdctl set /loggly.com/`hostname`/lastlog\"`date +\"%Y-%%m-%d %%H:%M:%S\"`\"; true; \
fi"
ExecStart=/bin/sh -c "journalctl --since \"$(etcdctl get /loggly.com/`hostname`/lastlog)\" -o short -f | awk '{ print \"\<34\>1\", $0; fflush(); }' | awk '{ print $0, \"[YOURKEYHERE@41058 tag='deis']\" }' | ncat --ssl logs-01.loggly.com 6514"
ExecStopPost=/bin/sh -c "export D=\"`date +\"%Y-%%m-%%d %%H:%M:%S\"`\"; \
/bin/etcdctl set /loggly.com/$(hostname)/lastlog \"$D\""
[Install]
WantedBy=multi-user.target
[X-Fleet]
Global=true
In non CoreOS linux you would have to replace the etcd call and store the date time somewhere else (file).
Hi.
I ended up writing this: https://github.com/randomvariable/journald-forwarder
Tries to export as much structured data to Loggly as possible.
Just a head's up that journald actually has a 2,048 character limit by default (https://bugs.freedesktop.org/show_bug.cgi?id=86465). Even when you output logs in JSON, entries that span more than 2048 characters will be auto-truncated.
For this reason, we ultimately wound up installing fluentd as a container, mounting the docker logs volume in read-only mode, and writing a custom fluentd plugin (which we hope to publish at some point) to add the appropriate metadata to the docker logs.
I'd like to take a crack at adding a loggly adapter.