Add support for publishing logs to NATS. #36527

Merged: nulmete merged 30 commits into fleetdm:main from ebusto:issue-34890, Jan 6, 2026
@ebusto (Contributor) commented Dec 1, 2025

Related issue: Resolves 34890

Checklist for submitter

  • Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.

Testing

  • Added/updated automated tests
  • QA'd all new/changed functionality manually

New Fleet configuration settings

Looking at other log destinations, I couldn't find anything relevant in GitOps. Please let me know if I missed something, however.

fleetd/orbit/Fleet Desktop

I've tested this on both Linux and MacOS.

@ebusto ebusto requested review from a team, lukeheath and rachaelshaw as code owners December 1, 2025 21:42
codecov (bot) commented Dec 1, 2025

Codecov Report

❌ Patch coverage is 58.30258% with 113 lines in your changes missing coverage. Please review.
✅ Project coverage is 65.85%. Comparing base (ef411a0) to head (55d06da).
⚠️ Report is 74 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| server/logging/nats.go | 66.33% | 48 Missing and 19 partials ⚠️ |
| server/logging/logging.go | 0.00% | 17 Missing ⚠️ |
| cmd/fleet/serve.go | 0.00% | 14 Missing ⚠️ |
| server/service/service_appconfig.go | 0.00% | 9 Missing ⚠️ |
| ...ogDestinationIndicator/LogDestinationIndicator.tsx | 0.00% | 6 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #36527      +/-   ##
==========================================
- Coverage   65.86%   65.85%   -0.02%     
==========================================
  Files        2361     2363       +2     
  Lines      187305   187608     +303     
  Branches     8010     7976      -34     
==========================================
+ Hits       123364   123540     +176     
- Misses      52664    52766     +102     
- Partials    11277    11302      +25     

| Flag | Coverage Δ |
|---|---|
| backend | 67.69% <59.62%> (-0.02%) ⬇️ |
| frontend | 54.40% <0.00%> (-0.01%) ⬇️ |


@rachaelshaw (Member)

@ebusto thanks for your contribution! Temporarily converting this to a draft PR while we bring this change through our Drafting process. You'll be notified on the connected issue once it makes it into a release.

@rachaelshaw rachaelshaw marked this pull request as draft December 9, 2025 23:14
Comment thread docs/Configuration/fleet-server-configuration.md Outdated
Comment thread docs/Configuration/fleet-server-configuration.md Outdated
@rachaelshaw rachaelshaw mentioned this pull request Dec 10, 2025
23 tasks
nulmete previously approved these changes Dec 29, 2025

@nulmete (Member) left a comment

LGTM ✅ . I have a few comments in server/logging/nats.go, but nothing major.

I've tested this locally as follows (will document it in a follow-up PR):

  • Installed nats: go install github.com/nats-io/natscli/nats@latest
  • Started the NATS server locally: nats-server
  • Start fleet with the following flags:
FLEET_ACTIVITY_ENABLE_AUDIT_LOG=true FLEET_ACTIVITY_AUDIT_LOG_PLUGIN=nats FLEET_OSQUERY_RESULT_LOG_PLUGIN=nats FLEET_OSQUERY_STATUS_LOG_PLUGIN=nats FLEET_NATS_SERVER=nats://localhost:4222 FLEET_NATS_STATUS_SUBJECT=osquery_status FLEET_NATS_RESULT_SUBJECT=osquery_result FLEET_NATS_AUDIT_SUBJECT=fleet_audit ./build/fleet serve --dev
  • Configured a scheduled query.
  • On a separate terminal, ran ./nats --server=nats://localhost:4222 subscribe ">". Per GPT, this listens on all subjects and prints any messages that get published. Eventually, I saw the query results being logged.

EDIT: I also tested with one of the authentication methods, NKey:

  • Install nkey: go install github.com/nats-io/nkeys/nk@latest.
  • Run nk -gen user -pubout. This will output something like:
SUxxx
Uyyy
  • Copy the output above to a txt file, e.g. nkey-cred-file.txt.
  • Create a new NATS server config file, such as nats-server-config.conf with this content:
authorization {
  users = [
    {
      nkey: "Uxxx"
    }
  ]
}
  • Start the NATS server providing the config file above: ./nats-server -config nats-server-config.conf. You should see a log saying Using configuration file: nats-server-config.conf.
  • Start fleet specifying the NKey cred file to use:
FLEET_ACTIVITY_ENABLE_AUDIT_LOG=true FLEET_ACTIVITY_AUDIT_LOG_PLUGIN=nats FLEET_OSQUERY_RESULT_LOG_PLUGIN=nats FLEET_OSQUERY_STATUS_LOG_PLUGIN=nats FLEET_NATS_SERVER="nats://localhost:4222" FLEET_NATS_STATUS_SUBJECT=osquery_status FLEET_NATS_RESULT_SUBJECT=osquery_result FLEET_NATS_AUDIT_SUBJECT=fleet_audit FLEET_NATS_NKEY_FILE="nkey-cred-file.txt" ./build/fleet serve --dev
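
The NKey steps in the review comment above, as an added example that is not part of the comment or the PR: it takes the two-line output of nk -gen user -pubout, writes the credential file with owner-only permissions, and puts only the U... public key line into the server config. The key values are constructed placeholders, the function names are hypothetical, and the file names follow the comment.

```shell
#!/bin/sh
# Added example (not from the PR). Splits the two-line output of
# `nk -gen user -pubout` into the files used in the NKey steps above.
set -eu

# Constructed sample standing in for real nk output (not usable keys).
NK_OUTPUT_SAMPLE='SUACONSTRUCTEDSEEDEXAMPLEONLY
UACONSTRUCTEDPUBLICKEYEXAMPLEONLY'

# Print the first line of $1 that starts with prefix $2 and is base32 text.
# "SU" marks a user seed (private), "U" a user public key.
nkey_line() {
  printf '%s\n' "$1" | grep -E "^$2[A-Z2-7]+\$" | head -n 1
}

# Write nkey-cred-file.txt and nats-server-config.conf into directory $2.
write_nkey_files() {
  nk_seed=$(nkey_line "$1" SU)
  nk_pub=$(nkey_line "$1" U)
  if [ -z "$nk_seed" ] || [ -z "$nk_pub" ]; then
    echo "expected one SU... seed line and one U... public key line" >&2
    return 1
  fi
  # The credential file contains the seed, so restrict it to the owner.
  ( umask 077; printf '%s\n' "$1" > "$2/nkey-cred-file.txt" )
  chmod 600 "$2/nkey-cred-file.txt"
  # The server only needs the public key; the seed must not appear here.
  cat > "$2/nats-server-config.conf" <<EOF
authorization {
  users = [
    {
      nkey: "$nk_pub"
    }
  ]
}
EOF
}

# Succeeds if the seed from nk output $1 appears anywhere in file $2.
seed_in_file() {
  grep -qF "$(nkey_line "$1" SU)" "$2"
}

demo_dir=$(mktemp -d)
write_nkey_files "$NK_OUTPUT_SAMPLE" "$demo_dir"
cat "$demo_dir/nats-server-config.conf"
rm -rf "$demo_dir"
```

With real keys, call write_nkey_files "$(nk -gen user -pubout)" . in place of the sample.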

Comment thread server/logging/nats.go
Comment on lines +66 to +71
// Define the supported compression algorithms.
var compressionOk = map[string]bool{
"gzip": true,
"snappy": true,
"zstd": true,
}
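Review bot: the keys in compressionOk are lowercase literals, so the lookup is case-sensitive and a value such as GZIP would not match unless the caller normalizes it first. Either state in the comment that the setting must be lowercase or lowercase the value before the lookup. The map is also a mutable package-level var; nothing in these lines needs it to change at runtime, so a note that it is read-only would help.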
Member

I'd remove the comment on L66 and rename the variable to a more intent-revealing name, e.g. supportedCompressionAlgorithms.

Also, this could probably be a slice instead of a map[string]bool. Since all entries are effectively true, the boolean doesn’t add much value, and a list of supported algorithms feels more readable and intuitive here. With so few elements, performance isn’t really a concern IMO.

Member

Idiomatic Go for sets is map[string]struct{}.

Comment thread server/logging/nats.go
"zstd": true,
}

// NewNatsLogWriter creates a new NATS log writer.
Member

The method's name already makes me infer that it does this, so I'd remove this comment.

Comment thread server/logging/nats.go
Comment on lines +50 to +51
// Whether to use JetStream.
jetstream bool
Member

Since this is a boolean, I'd prefix it with is or has, or maybe in this case useJetstream.

Comment thread server/logging/nats.go
@@ -0,0 +1,484 @@
package logging
Member

IMO, some of the comments in this file shouldn't be needed since the reader can infer what the code does by reading the variable names or following through the statements. For example, the comment above NewNatsLogWriter says // NewNatsLogWriter creates a new NATS log writer., which I don't think adds any value and is also redundant.

@nulmete nulmete marked this pull request as ready for review December 29, 2025 18:59
@iansltx (Contributor) left a comment

Approving FE for LogDestinationIndicator.tsx and frontend/interfaces/config.ts.

@nulmete nulmete merged commit b6d19de into fleetdm:main Jan 6, 2026
52 checks passed
nulmete added a commit that referenced this pull request Jan 6, 2026
**Related issue:** Resolves #37854 

Adds instructions on how to set up a NATS server locally to use as a log
destination.
Follow-up of #36527.
@rachaelshaw (Member)

@ebusto this change shipped in Fleet 4.80.0. Thanks for adding this feature! 🎉

Development

Successfully merging this pull request may close these issues.

NATS logging support
