logdna / logdna-agent-v2

The blazingly fast, resource efficient log collection client
https://logdna.com
MIT License
65 stars 47 forks source link

Not (easily?) possible to only send one log file, impossible if that file is not in /var/log #315

Open jalenplayvs opened 2 years ago

jalenplayvs commented 2 years ago

The ask:

I have a special one-off host that I only want to ingest one log from, and the only way I could achieve it was to create permissions so that the job I was running could log to a file in /var/log. logdna-agent refuses to pick up a file in /home, or even a symlink from /var/log/... to a file in /home

dkhokhlov commented 2 years ago

how do you run agent? standalone app/service or in container/pod?

jalenplayvs commented 2 years ago

It's running in a Ubuntu 20.04 VM in AWS EC2 (no containerization involved), installed using the instructions for .deb Linux hosts from the logdna apt repo.

dkhokhlov commented 2 years ago

here is the logdna.env file:

# cat /etc/logdna.env
LOGDNA_INGESTION_KEY=xxxxxxxxxxxxxxxxxx
LOGDNA_LOG_DIRS=/mnt/my_log_dir
LOGDNA_INCLUSION_RULES=/mnt/my_log_dir/*
LOGDNA_EXCLUSION_RULES=/var/log/*

Test:

# mkdir -p /mnt/my_log_dir
# systemctl restart logdna-agent
# touch /mnt/my_log_dir/my.log
# echo "test" >> /mnt/my_log_dir/my.log
# echo "test" >> /mnt/my_log_dir/my.log
jalenplayvs commented 2 years ago

My team mate @seano-playvs is going to take this ticket from here. As I understand it, that solution did allow collecting a log file outside of /var/log, but did not successfully exclude the files in /var/log. Sean can tell you more.