
I have set up an rsyslog server to collect pod logs from EKS nodes (the rsyslog clients). Everything is working fine, but I need the pod name, or something else unique, in each log entry so I can tell which pod it belongs to. If there is an alternative approach, please let me know.

The pods log to STDOUT.

server config:

45-server-rsyslog.conf:

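#
# Central rsyslog receiver: accepts syslog over UDP, TCP and RELP and writes
# each message to a per-service file under /var/log/rs_ops/.
#
# Use $MaxMessageSize to handle more than 6KB message size.
# Add it before loading imudp.so/imtcp.so module
#
$MaxMessageSize 64k

# Load needed Modules
#
# NOTE(review): the UDP/514, TCP/514 and RELP/20500 listeners below accept
# messages from any host that can reach them, without encryption or peer
# authentication. Only RELP/20514 checks the sender's certificate
# fingerprint. Restrict the plaintext ports at the network layer (security
# group / firewall), or retire them once the clients use the TLS listener.
module(load="imudp")     # needs to be done just once
input(type="imudp" port="514")

module(load="imrelp") # needs to be done just once
input(type="imrelp" port="20500")
# Authenticated listener: the peer must present a certificate whose
# fingerprint is listed in tls.permittedpeer.
input(type="imrelp" port="20514" tls="on"
  tls.caCert="/etc/rsyslog-certs/ca.pem"
  tls.myCert="/etc/rsyslog-certs/rsyslog-server-cert.pem"
  tls.myPrivKey="/etc/rsyslog-certs/rsyslog-server-key.pem"
  tls.authMode="fingerprint"
  tls.permittedpeer=["SHA1:xxxxxxxxxxxxxxxxxxxxxxx"]
)

#$ModLoad imtcp
module(load="imtcp" MaxSessions="500")
input(type="imtcp" port="514")

# Try to avoid 'last message repeated' appearing in the logs directory
$RepeatedMsgReduction off
if $msg contains "last message repeated" then {
   /var/log/syslog
   stop
}

# Routing variables; "none" means "not an application log".
set $.service_name = "none";
set $.container_name = "none";

# Check programname and update service_name and container_name accordingly
#
# $programname is taken from the tag the sender put in the message, so on the
# unauthenticated listeners it is sender-chosen input.
# NOTE(review): the last re_extract() argument is the value returned when the
# pattern does not match, so a tag that contains "istio-proxy"/"istio-init"
# but does not end in "-istio-proxy"/"-istio-init" yields service_name "0".

if ($programname contains "istio-proxy") then {
        set $.service_name = re_extract($programname, '^(.*)-istio-proxy$', 0, 1, 0);
        set $.container_name = "istio-proxy";
} else if ($programname contains "istio-init") then {
        set $.service_name = re_extract($programname, '^(.*)-istio-init$', 0, 1, 0);
        set $.container_name = "istio-init";
} else if not ($programname contains "istio-init") and not ($programname contains "istio-proxy") then {
       if ( $programname startswith "cwf-") or ($programname startswith "ss-") or ($programname startswith "cm-") then {
               set $.service_name = $programname;
               set $.container_name = $programname;
       }
}

# Per-service output path. The path components come from message fields, so
# secpath-replace turns any "/" in them into "_" before the file name is
# built; a sender-supplied value then cannot add directory levels.
template(name="Dyn_AppLogs" type="string" string="/var/log/rs_ops/eks/%$.service_name:::secpath-replace%/%$.container_name:::secpath-replace%.log")

# Application logs: recognised service name and facility local0.
# Directories are created 0755 (listable by all local users); the log files
# themselves are 0640 syslog:syslog.
if ( $.service_name != "none" ) and ( $.container_name != "none" )then {
    if ( $syslogfacility-text == 'local0' ) then {
        action(name="Dyn_AppLogs" type="omfile" DirCreateMode="0755" FileCreateMode="0640" FileGroup="syslog" FileOwner="syslog" DynaFile="Dyn_AppLogs" dynaFileCacheSize="500")
        stop
    }
}

# Catch-all output path, keyed on APP-NAME with the same slash replacement.
template(name="Dyn_MiscLogs" type="string" string="/var/log/rs_ops/misc/%APP-NAME:::secpath-replace%/%APP-NAME:::secpath-replace%.log")

# NOTE(review): the three tests are joined with "or", and no program name can
# start with all three prefixes, so this condition holds for every message
# that reaches this point. If only non-cwf-/ss-/cm- traffic belongs in misc/,
# the tests would have to be joined with "and" - confirm the intent.
if not ( $programname startswith "cwf-") or not ($programname startswith "ss-") or not ($programname startswith "cm-") then {
    action(name="Dyn_MiscLogs" type="omfile" DirCreateMode="0755" FileCreateMode="0640" FileGroup="syslog" FileOwner="syslog" DynaFile="Dyn_MiscLogs" dynaFileCacheSize="500")
    stop
}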

client config:

30-microservice-client-rsyslog.conf:

# Node-side forwarder: ships locally collected messages to the central
# rsyslog server.

# Provides TCP syslog reception
# NOTE(review): these two lines open a plain TCP syslog listener on port 20500
# on every node. If the node only forwards and never receives, the listener is
# extra exposed surface - confirm whether it is needed.
$ModLoad imtcp
$InputTCPServerRun 20500

# Load the imfile module
$ModLoad imfile

# Remote logging for docker apps (no TLS)

# Reliable Event Logging Protocol - network transport that we use for logs
module(load="omrelp")

# Wire format: PRI, RFC 3339 timestamp, hostname, syslog tag, message text.
# The tag is the only field that identifies the source, so the pod directory
# name is not carried to the server by this template.
template(name="docker_apps_remote" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%:%msg%\n"
         )

# RELP forwarding with a disk-assisted queue (up to 1g under
# /var/spool/rsyslog, saved on shutdown). The action has no filter in front of
# it, so it applies to every message.
# NOTE(review): tls="off" sends the log stream in cleartext and the server
# cannot authenticate this node on port 20500. The server config shown above
# also has a TLS RELP listener on 20514 with fingerprint authentication.
action(name="docker_apps_remote" type="omrelp" target="xxxxxxx.com" port="20500" template="docker_apps_remote" tls="off"
        # TLS directives only when encrypting traffic
        queue.filename="docker_app_queue"
        queue.type="linkedlist"
        queue.spoolDirectory="/var/spool/rsyslog"
        queue.highwatermark="8000"
        queue.lowwatermark="6000"
        queue.maxdiskspace="1g"
        queue.timeoutenqueue="0"
        queue.saveonshutdown="on"
        queue.size="10000" )

# NOTE(review): this forwards everything a second time, as plain TCP syslog,
# to the same host and port as the RELP action above. The server config shown
# binds 20500 to imrelp, not imtcp - verify that this line is intended.
*.* @@xxxxxxx.com:20500

ss-service-manager-web-rsyslog.conf:

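# ss-service-manager-web rsyslog config
#
# Tails the kubelet log files of the ss-service-manager-web pods and injects
# them as facility local0, severity info. Each input uses a fixed Tag, so
# every pod matched by the wildcard is reported under the same tag and the pod
# directory name (the part the "*" matches) is not part of the message.
# NOTE(review): imfile can attach the source file path as message metadata
# ($!metadata!filename) when wildcards are used; that path contains the pod
# directory and could be added to the forwarding template to tell pods apart -
# confirm against the rsyslog version in use.

# Define input file for ss-service-manager-web logs
input(type="imfile"
      File="/var/log/pods/cwf-ss_ss-service-manager-web*/ss-service-manager-web/*.log"
      Tag="ss-service-manager-web"
      Severity="info"
      Facility="local0"
)

# Define input file for istio-init logs
input(type="imfile"
      File="/var/log/pods/cwf-ss_ss-service-manager-web*/istio-init/*.log"
      Tag="ss-service-manager-web-istio-init"
      Severity="info"
      Facility="local0"
)

# Define input file for istio-proxy logs
# The closing parenthesis of this input() was missing; without it the
# statement is not terminated.
input(type="imfile"
      File="/var/log/pods/cwf-ss_ss-service-manager-web*/istio-proxy/*.log"
      Tag="ss-service-manager-web-istio-proxy"
      Severity="info"
      Facility="local0"
)
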
Thank You!
