Commit ca31037

Merge pull request #19650 from mburke5678/BZ-1799024
Could not forward logs to rsyslog server
2 parents 0f8e328 + 17847df commit ca31037

5 files changed

+207
-29
lines changed

_topic_map.yml

Lines changed: 2 additions & 2 deletions
@@ -1041,9 +1041,9 @@ Topics:
10411041
File: cluster-logging-collector
10421042
- Name: Using tolerations to control cluster logging pod placement
10431043
File: cluster-logging-tolerations
1044-
- Name: Forwarding cluster logs to specific endpoints
1044+
- Name: Forwarding cluster logs using Log Forwarding
10451045
File: cluster-logging-log-forwarding
1046-
- Name: Sending logs to external devices using Fluentd plug-ins
1046+
- Name: Fowarding cluster logs using Fluentd plug-ins
10471047
File: cluster-logging-external
10481048
- Name: Configuring systemd-journald for cluster logging
10491049
File: cluster-logging-systemd
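Review bot: The new topic name on line 1046, `Fowarding cluster logs using Fluentd plug-ins`, misspells "Forwarding". This string is the navigation entry for `cluster-logging-external`, so correct it here and keep it identical to the assembly title it points to.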
Lines changed: 10 additions & 7 deletions
@@ -1,25 +1,28 @@
11
:context: cluster-logging-external
22
[id="cluster-logging-external"]
3-
= Sending logs to external devices using Fluentd Forward plug-ins
3+
= Fowarding cluster logs using Fluentd plug-ins
44
include::modules/common-attributes.adoc[]
55

66
toc::[]
77

8-
{product-title} cluster logging allows you to configure the Fluentd *out_forward* plug-in to send logs to external devices.
8+
{product-title} cluster logging allows you to send logs to destinations outside of your {product-title} cluster instead of the default Elasticsearch instance.
99

10-
You can use the xref:../../logging/config/cluster-logging-log-forwarding.adoc#cluster-logging-log-forwarding[log forwarding feature], which can be easier to configure than the plugins. Note that the log forwarding feature is currently in Technology Preview.
10+
* *Sending logs using Fluentd*. You can use the Fluentd *out_forward* plug-in to securely send logs to another logging collector using the Fluent forward protocol.
11+
12+
* *Sending logs using syslog*. You can use the Fluentd *syslog* plug-in to send logs to another logging collector using the syslog protocol (RFC 3164). Many logging collectors such as Fluentd, Rsyslog, and others support this protocol.
13+
14+
You can use the xref:../../logging/config/cluster-logging-log-forwarding.adoc#cluster-logging-log-forwarding[log forwarding feature], which can be easier to configure than the plug-ins. The log forwarding feature is currently in Technology Preview.
1115

1216
[IMPORTANT]
1317
====
14-
Changes introduced by the new log forward feature modified the support for *out_forward* starting with the {product-title} 4.3 release. In {product-title} 4.3, you create a ConfigMap to configure *out_forward*, as described below, instead of editing the `secure-forward.conf` section in the `fluentd` ConfigMap. You can add any certificates required by your external devices to a secret, called `secure-forward`, which is mounted to the Fluentd Pods.
15-
16-
When you update to {product-title} 4.3, any existing modifications to the `secure-forward.conf` section of the `fluentd` ConfigMap are removed. You can copy your current `secure-forward.conf` section before updating to use when creating the `secure-forward` ConfigMap.
18+
Changes that are introduced by the new log forwarding feature modified the support for the Fluentd *syslog* plug-in starting with the {product-title} 4.3 release. In {product-title} 4.3, you create a ConfigMap, as described below, to configure a Fluentd plug-in.
1719
====
1820

1921
// The following include statements pull in the module files that comprise
2022
// the assembly. Include any combination of concept, procedure, or reference
2123
// modules required to cover the user story. You can also include other
2224
// assemblies.
2325

24-
include::modules/cluster-logging-collector-external.adoc[leveloffset=+1]
26+
include::modules/cluster-logging-collector-fluentd.adoc[leveloffset=+1]
27+
include::modules/cluster-logging-collector-syslog.adoc[leveloffset=+1]
2528
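Review bot: The rewritten IMPORTANT block on new line 18 names only the Fluentd *syslog* plug-in and drops the statement that existing modifications to the `secure-forward.conf` section of the `fluentd` ConfigMap are removed on update to 4.3, although this assembly still includes the out_forward module. Word the admonition so it covers both plug-ins, and keep the upgrade warning where a reader of this page will see it. The title on new line 3 repeats the `Fowarding` misspelling. The two new bullets are also uneven on transport security: line 10 says out_forward sends logs "securely", while line 12 says nothing about protection for syslog even though the included syslog module states that the plug-in does not support TLS. Say so in the bullet.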

logging/config/cluster-logging-log-forwarding.adoc

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
:context: cluster-logging-log-forwarding
22
[id="cluster-logging-log-forwarding"]
3-
= Forwarding cluster logs to specific endpoints
3+
= Forwarding cluster logs using Log Forwarding
44
include::modules/common-attributes.adoc[]
55

66
toc::[]

modules/cluster-logging-collector-external.adoc renamed to modules/cluster-logging-collector-fluentd.adoc

Lines changed: 15 additions & 19 deletions
@@ -2,13 +2,10 @@
22
//
33
// * logging/cluster-logging-external.adoc
44

5-
[id="cluster-logging-collector-external_{context}"]
6-
= Configuring the Fluentd out_forward plug-in to send logs to an external log aggregator
5+
[id="cluster-logging-collector-fluentd_{context}"]
6+
= Configuring the Fluentd forward plug-ins to send logs to an external log aggregator
77

8-
You can configure Fluentd to send a copy of its logs to an external log
9-
aggregator instead of the default Elasticsearch instance using the Fluentd *forward*
10-
plug-in. From there, you can further process log records after the locally
11-
hosted Fluentd has processed them.
8+
You can use the Fluentd *forward* plug-ins to send a copy of your logs to an external log aggregator, instead of the default Elasticsearch.
129

1310
[NOTE]
1411
====
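Review bot: The anchor on new line 5 changes from `cluster-logging-collector-external_{context}` to `cluster-logging-collector-fluentd_{context}`, so any xref that targets the old id will stop resolving; check for inbound links before merging. On new line 8, "send a copy of your logs to an external log aggregator, instead of the default Elasticsearch" leaves it unclear whether Elasticsearch still receives the logs. State one or the other rather than "a copy ... instead of".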
@@ -19,26 +16,25 @@ In this documentation, the {product-title} cluster is called the _sender_ and th
1916

2017
[NOTE]
2118
====
22-
This legacy *out_forward* method is deprecated and will be removed in a future release.
19+
This legacy out_forward method is deprecated and will be removed in a future release.
2320
====
2421

2522
ifdef::openshift-origin[]
26-
The *forward* plug-ins are provided with the Fluentd image as of v1.4.0.
27-
The *out_forward* plug-in implements the client side (sender) and the *in_forward* plug-in implements the server side (receiver).
23+
The forward plug-ins are provided with the Fluentd image as of v1.4.0.
24+
The in_forward plug-in implements the server side (receiver), and out_forward implements the client side (sender).
2825
endif::openshift-origin[]
2926

3027
ifdef::openshift-enterprise,openshift-webscale[]
31-
The *forward* plug-ins are supported by Fluentd only.
32-
The *out_forward* plug-in implements the client side (sender) and the *in_forward* plug-in implements the server side (receiver)
28+
The forward plug-ins are supported by Fluentd only.
29+
The in_forward plug-in implements the server side (receiver), and out_forward implements the client side (sender).
3330
endif::openshift-enterprise,openshift-webscale[]
3431

35-
To configure {product-title} to send logs using *out_forward*, create a ConfigMap called `secure-forward` in the `openshift-logging` namespace that points to a receiver.
36-
On the receiver, configure the *in_forward* plug-in to receive the logs from {product-title}. For more information on using the *in_forward* plug-in, see the link:https://docs.fluentd.org/input/forward[Fluentd documentation].
37-
32+
To configure {product-title} to send logs using out_forward, create a ConfigMap called `secure-forward` in the `openshift-logging` namespace that points to a receiver.
33+
On the receiver, configure the in_forward plug-in to receive the logs from {product-title}. For more information on using the in_forward plug-in, see the link:https://docs.fluentd.org/input/forward[Fluentd documentation].
3834

3935
[IMPORTANT]
4036
====
41-
Changes introduced by the new log forward feature modified the support for *out_forward* starting with the {product-title} 4.3 release. In {product-title} 4.3, you create a ConfigMap, as described below, to configure out_forward. Any updates to the `secure-forward.conf` section of the Fluentd ConfigMap are removed. Before upgrading cluster logging, you can copy your current `secure-forward.conf` section and use the copied data when you create the `secure-forward` ConfigMap.
37+
Changes introduced by the new log forward feature modified the support for out_forward starting with the {product-title} 4.3 release. In {product-title} 4.3, you create a ConfigMap, as described below, to configure out_forward.
4238
4339
Additionally, you can add any certificates required by your configuration to a secret named `secure-forward` that will be mounted to the Fluentd Pods.
4440
====
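Review bot: The IMPORTANT block on new line 37 loses the two sentences warning that updates to the `secure-forward.conf` section of the Fluentd ConfigMap are removed and that the section can be copied before upgrading. The assembly in this commit drops the same warning, so it no longer appears anywhere in the visible changes; if the behaviour still applies in 4.3, keep the warning here. Separately, this hunk strips the bold from out_forward and in_forward throughout, while the new syslog module in the same commit writes *out_syslog* and *in_syslog* in bold. Pick one convention for plug-in names.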
@@ -125,9 +121,9 @@ metadata:
125121

126122
.Procedure
127123

128-
To configure the *out_forward* plug-in:
124+
To configure the out_forward plug-in:
129125

130-
. Create a configuration file named `secure-forward.conf` for the *out_forward* parameters:
126+
. Create a configuration file named `secure-forward.conf` for the out_forward parameters:
131127
+
132128
.. Configure the secrets and TLS information:
133129
+
@@ -220,8 +216,8 @@ $ oc delete pod --selector logging-infra=fluentd
220216

221217
. Configure the `secure-forward.conf` file on the receiver to accept messages securely from {product-title}.
222218
+
223-
When configuring the recevier, it must be able to accept messages securely from {product-title}.
219+
When configuring the receiver, it must be able to accept messages securely from {product-title}.
224220

225-
You can find further explanation of link:https://docs.fluentd.org/v1.0/articles/in_forward[how to set up the *in_forward* plug-in] and link:https://docs.fluentd.org/v1.0/articles/out_forward[the *out_forward* plug-in].
221+
You can find further explanation of link:https://docs.fluentd.org/v1.0/articles/in_forward[how to set up the in_forward plug-in] and link:https://docs.fluentd.org/v1.0/articles/out_forward[the out_forward plug-in].
226222

227223
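Review bot: The links on new line 221 still point at `https://docs.fluentd.org/v1.0/articles/in_forward` and `https://docs.fluentd.org/v1.0/articles/out_forward`, while the in_forward link earlier in this file (new line 33) uses `https://docs.fluentd.org/input/forward`. Use one URL form for the Fluentd documentation throughout the module. New line 219 fixes the "recevier" typo but keeps a dangling modifier ("When configuring the receiver, it must be able to ...") and restates the step on line 218 directly above it, so it could be dropped or merged into that step.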

Lines changed: 179 additions & 0 deletions
@@ -0,0 +1,179 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * logging/cluster-logging-external.adoc
4+
5+
[id="cluster-logging-collector-syslog_{context}"]
6+
= Sending logs using the Fluentd syslog plug-in (RFC 3164)
7+
8+
You can use the Fluentd *syslog* plug-in to send a copy of your logs to an external syslog server,
9+
not the default Elasticsearch. Note the following about the syslog plug-in:
10+
11+
* uses syslog protocol (RFC 3164), not RFC 5424
12+
* does not support TLS and thus, is not secure
13+
* does not provide Kubernetes metadata, systemd data, or other metadata
14+
15+
[NOTE]
16+
====
17+
The Fluentd syslog plug-in method is deprecated and will be removed in a future release.
18+
====
19+
20+
There are two versions of the Fluentd syslog plug-in:
21+
22+
* *out_syslog*: The non-buffered implementation, which communicates through UDP, does not buffer data and writes out results immediately.
23+
* *out_syslog_buffered*: The buffered implementation, which communicates through TCP, link:https://docs.fluentd.org/buffer[buffers data into chunks].
24+
25+
To configure the Fluentd syslog plug-in, create a configuration file, called `sysconfig.conf`, with the information needed to forward the logs. Then use that file to create a ConfigMap called `syslog` in the `openshift-logging` namespace, which {product-title} uses when forwarding the logs. On the receiver, configure the *in_syslog* plug-in to receive the logs from {product-title}. For more information on using the *in_forward* plug-in, see the link:https://docs.fluentd.org/input/syslog[Fluentd documentation].
26+
27+
[IMPORTANT]
28+
====
29+
Changes introduced by the new log forward feature modified the support for Fluentd syslog plug-in starting with the {product-title} 4.3 release. In {product-title} 4.3, you create a ConfigMap, as described below, to configure the Fluentd syslog plug-in.
30+
====
31+
32+
You can use multiple syslog servers by specifying separate `<store>` stanzas in the configuration file.
33+
34+
.Sample `sysconfig.conf`
35+
----
36+
<store>
37+
@type syslog_buffered <1>
38+
remote_syslog rsyslogserver.openshift-logging.svc.cluster.local <2>
39+
port 514 <3>
40+
hostname fluentd-4nzfz <4>
41+
remove_tag_prefix tag <5>
42+
tag_key ident,systemd.u.SYSLOG_IDENTIFIER <6>
43+
facility local0 <7>
44+
severity info <8>
45+
use_record true <9>
46+
payload_key message <10>
47+
</store>
48+
----
49+
50+
<1> The Fluentd syslog plug-in.
51+
<2> The fully qualified domain name (FQDN) or IP address of the syslog server.
52+
<3> The port number to connect on. Defaults to `514`.
53+
<4> The name of the syslog server.
54+
<5> Removes the prefix from the tag. Defaults to `''` (empty).
55+
<6> The field to set the syslog key.
56+
<7> The syslog log facility or source.
57+
<8> The syslog log severity.
58+
<9> Determines whether to use the severity and facility from the record if available.
59+
<10> The key to set the payload of the syslog message. Defaults to `message`.
60+
61+
62+
// Above definitions from https://github.com/docebo/fluent-plugin-remote-syslog
63+
64+
65+
.Sample `syslog` ConfigMap based on the sample `sysconfig.conf`
66+
67+
[source,yaml]
68+
----
69+
kind: ConfigMap
70+
apiVersion: v1
71+
metadata:
72+
name: syslog
73+
namespace: openshift-logging
74+
data:
75+
sysconfig.conf: |
76+
<store>
77+
@type syslog_buffered
78+
remote_syslog syslogserver.openshift-logging.svc.cluster.local
79+
port 514
80+
hostname fluentd-4nzfz
81+
remove_tag_prefix tag
82+
tag_key ident,systemd.u.SYSLOG_IDENTIFIER
83+
facility local0
84+
severity info
85+
use_record true
86+
payload_key message
87+
</store>
88+
----
89+
90+
.Procedure
91+
92+
To configure the Fluentd syslog plug-in:
93+
94+
. Create a configuration file named `sysconfig.conf` that contains the following
95+
parameters within the `<store>` stanza:
96+
97+
.. Specify the Fluentd syslog plug-in type:
98+
+
99+
----
100+
@type syslog_buffered <1>
101+
----
102+
+
103+
<1> Specify the plug-in to use, either: `syslog` or `syslog_buffered`.
104+
105+
.. Configure the name, host, and port for your external syslog server:
106+
+
107+
----
108+
remote_syslog <remote> <1>
109+
port <number> <2>
110+
hostname <name> <3>
111+
----
112+
+
113+
<1> Specify the FQDN or IP address of the syslog server.
114+
<2> Specify the port of the syslog server.
115+
<3> Specify a name for this syslog server.
116+
+
117+
For example:
118+
+
119+
----
120+
remote_syslog syslogserver.openshift-logging.svc.cluster.local
121+
port 514
122+
hostname fluentd-server
123+
----
124+
+
125+
If you specify two or more receivers, the Fluentd syslog plug-in uses these servers in a round-robin order.
126+
127+
.. Configure the other syslog variables as needed:
128+
+
129+
----
130+
remove_tag_prefix <1>
131+
tag_key <key> <2>
132+
facility <value> <3>
133+
severity <value> <4>
134+
use_record <value> <5>
135+
payload_key message <6>
136+
----
137+
+
138+
<1> Add this parameter to remove the `tag` field from the syslog prefix.
139+
<2> Specify the field to set the syslog key.
140+
<3> Specify the syslog log facility or source. For values, see link:https://tools.ietf.org/html/rfc3164#section-4.1.1[RTF 3164].
141+
<4> Specify the syslog log severity. For values, see link:link:https://tools.ietf.org/html/rfc3164#section-4.1.1[RTF 3164].
142+
<5> Specify `true` to use the severity and facility from the record if available. If `true`, the `container_name`, `namespace_name`, and `pod_name` are included in the output content.
143+
<6> Specify the key to set the payload of the syslog message. Defaults to `message`.
144+
+
145+
For example:
146+
+
147+
----
148+
facility local0
149+
severity info
150+
----
151+
+
152+
The configuration file appears similar to the following:
153+
+
154+
----
155+
<store>
156+
@type syslog_buffered
157+
remote_syslog syslogserver.openshift-logging.svc.cluster.local
158+
port 514
159+
hostname fluentd-4nzfz
160+
tag_key ident,systemd.u.SYSLOG_IDENTIFIER
161+
facility local0
162+
severity info
163+
use_record false
164+
</store>
165+
----
166+
167+
. Create a ConfigMap named `syslog` in the `openshift-logging` namespace from the configuration file:
168+
+
169+
----
170+
$ oc create configmap syslog --from-file=sysconfig.conf -n openshift-logging
171+
----
172+
+
173+
The Cluster Logging Operator redeploys the Fluentd Pods. If the Pods do not redeploy, you can delete the Fluentd
174+
Pods to force them to redeploy.
175+
+
176+
----
177+
$ oc delete pod --selector logging-infra=fluentd
178+
----
179+
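Review bot: New line 25 tells the reader to configure the *in_syslog* plug-in on the receiver and then says "For more information on using the *in_forward* plug-in" with a link to `https://docs.fluentd.org/input/syslog`; the plug-in named in that sentence should be in_syslog. Lines 140 and 141 write "RTF 3164" for RFC 3164, and line 141 has a doubled `link:link:` macro prefix. The sample `sysconfig.conf` uses `rsyslogserver.openshift-logging.svc.cluster.local` (line 38) while the ConfigMap described as based on it uses `syslogserver.openshift-logging.svc.cluster.local` (line 78); make them match. The `hostname` callouts on lines 53 and 115 describe the value as the name of the syslog server, but the sample value `fluentd-4nzfz` reads like a collector pod name, so confirm what the parameter sets and reword the callouts accordingly. Lines 22 and 23 name the plug-ins *out_syslog* and *out_syslog_buffered* while line 103 gives the `@type` values as `syslog` and `syslog_buffered`; state how the two relate. Since line 12 says the plug-in does not support TLS, consider promoting that to an admonition stating that forwarded logs cross the network unencrypted, rather than leaving it as one bullet among three.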
