search

serilog-contrib / serilog-sinks-splunk

A Serilog sink that writes to Splunk
https://splunk.com
Apache License 2.0
46 stars 47 forks source link

no httprequests for dotnet core app in docker container #23

Closed nikki603 closed 8 years ago

nikki603 commented 8 years ago

I have a dotnet core RC2 application that is using serilog-sinks-splunk v2.0.0 to send all log entries to a Splunk server 6.3 Enterprise. When the application is running locally (not in a docker container), http requests are sent successfully. I can see them in Fiddler and my entries are viewable in Splunk. However when the same application is in a docker container, no I see no requests in Fiddler and nothing in Splunk. Has anyone had this problem?

merbla commented 8 years ago

@nikki603 I am getting https://github.com/serilog/serilog-docker working with the latest bits.

Will let you know how I go.

merbla commented 8 years ago

@nikki603 checkout the new 2.0.1 package or the docker example.

These are working now, so keen to see if you still have the issues.

nikki603 commented 8 years ago

@merbla I am using serilog-sinks-splunk v2.0.1 now and using the docker console sample. I changed the EventCollector splunkHost to my Splunk server:

var logger = new LoggerConfiguration()
            .MinimumLevel.Debug()
            .WriteTo.LiterateConsole()
            .WriteTo.EventCollector("https://10.16.16.68:8088/", "4AAAFB55-184F-4DC7-9383-59DC2D4B1DBF")
            .Enrich.WithProperty("App Name", "Serilog Console Docker Sample")
            .CreateLogger();

I am seeing the following errors:

HTTPS handshake to 10.16.16.68 (for #5) failed. System.Security.Authentication.AuthenticationException The remote certificate is invalid according to the validation procedure.

Also in Fiddler I see: image

If I click yes, I can send events to my Splunk server. If I click No or do nothing, events fail to send. Since I have no control over my company's Splunk server, I think I need a client-side way to disable or ignore certificate validation. For example in the docker splunk driver I have an option 'splunk-insecureskipverify' that I set to true.

What do you think?

merbla commented 8 years ago

Does the SSL cert that you are using exist in the docker container?

merbla commented 8 years ago

The ability to ignore invalid certs has changed/ moved in dotnet core.

Perhaps try ignoring cert validation.

nikki603 commented 8 years ago

Does the SSL cert that you are using exist in the docker container?

No

Perhaps try ignoring cert validation.

How? Wouldn't it need to be done when the HttpClient is created?

merbla commented 8 years ago

@nikki603 I think if we extend the configuration options similar to the Seq sink so we can allow for an override.

I have this Core running in prod fine with certs however they do exist on the docker container.

nikki603 commented 8 years ago

I did finally get the serilog-docker examples and my own application inside a Docker container to work with a Splunk server outside the container with SSL enabled. Thank you.

I would still like the option to ignore cert errors in the sink.