-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LOG-1286: Pick daemon names when configuring addLogSource field #1018
LOG-1286: Pick daemon names when configuring addLogSource field #1018
Conversation
/test e2e-operator |
1 similar comment
/test e2e-operator |
/approve |
@alanconway Thank you for your review. I have an issue for e2e testing in forward_to_syslog_test.go. I will fix it and remove "WIP:". |
/test lint |
505cc2b
to
7814b0e
Compare
/test e2e-operator |
1 similar comment
/test e2e-operator |
<match journal.** system.var.log**> | ||
@type copy | ||
{{include .StoreTemplate . "pick_daemon_name" | indent 4}} | ||
</match> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i dont catch using the syslog store template here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Infrastructure pod logs and journal logs are sent under "infrastructure".
But the infrastructure pod logs doesn't have $.systemd.u.SYSLOG_IDENTIFIER.
So I splitted "infrastructure" stream into the pod logs and the journal logs and then injected the daemon name into the journal logs only.
This syslog store template is for the journal logs. I will add some comments to explain this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please add an e2e/functional test to highlight the use of the changes
I will add a e2d testcase for this PR. |
@k-keiichi-rh What's the status of this PR? Is it still WIP or is it ready to consider for merge? |
I believe that the function is ready to consider for merge. |
1825a66
to
b2ff008
Compare
/test e2e-gcp |
1 similar comment
/test e2e-gcp |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alanconway, k-keiichi-rh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @k-keiichi-rh, you need to add "Bug 1891886:" in front of the title of this PR so that the CI bot will associate it with the BZ. |
@k-keiichi-rh: This pull request references Bugzilla bug 1891886, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@alanconway Hi. Thank you for the comment. I am a little confused. |
@k-keiichi-rh: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/refresh |
@jcantrill: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/hold cancel |
Is this a bug? If so, how critical is it that it gets into 5.0 or even 4.6? Can we simply backport to 5.1 and ask user's to upgrade? We would prefer to backport as few releases as possible if user's are capable of working around the issue. If not, the BZ should be for logging 4.6 and we should have JIRA issues for the 5.x code changes |
Thank you for the clarification. This is a feature request to 5.2, not a bug. So we don't need to backport to previous versions. |
LOG-1286: Pick daemon names when configuring addLogSource field
Description
The current syslog forwarding can not report who outputted logs in journal log when configuring addLogSource field.
To identify the daemon name, the "systemd.u.SYSLOG_IDENTIFIER" in journal log record is what information we want.
So fluentd can pick their daemon names from journal log records.
This PR enhances the addLogSource field in Log Forwarding API by splitting infrastructure stream into journal log and pod log and injecting daemon names into the journal log stream.
So this change is limited to the addLogSource field related code.
This PR picks the originating process name and id(known as the "pid") from the record and injects them into the header field.
There are three type messages in the journal log and the process information are injected like the following:
"Tag" and "AppName" fields in CLF are ignored for the system messages when enabling the "AddLogSource" field.
Any daemon information are not injected to the kernel messages.
Any daemon information are not injected to the pod messages.
The "fluentd:" is overwritten by specifying "Tag" and "AppName" fields.
/cc @vimalk78 @alanconway
Links