You can use the syslog RFC3164 protocol to send logs to destinations outside of your {product-title} cluster by creating a configuration file and config map. You are responsible for configuring the external log aggregator, such as a syslog server, to receive the logs from {product-title}.
Important: This method for forwarding logs is deprecated in {product-title} and will be removed in a future release.
There are two versions of the syslog protocol:
- out_syslog: The non-buffered implementation, which communicates through UDP, does not buffer data and writes out results immediately.
- out_syslog_buffered: The buffered implementation, which communicates through TCP and buffers data into chunks.
To send logs using the syslog protocol, create a configuration file called syslog.conf, with the information needed to forward the logs. Then, use that file to create a config map called syslog in the openshift-logging project, which {product-title} uses when forwarding the logs.
- You must have a logging server that is configured to receive the logging data using the specified protocol or format.
<store>
@type syslog_buffered
remote_syslog rsyslogserver.example.com
port 514
hostname ${hostname}
remove_tag_prefix tag
facility local0
severity info
use_record true
payload_key message
rfc 3164
</store>
You can configure the following syslog parameters. For more information, see the syslog RFC3164.
- facility: The syslog facility. The value can be a decimal integer or a case-insensitive keyword:
  - 0 or kern for kernel messages
  - 1 or user for user-level messages, the default.
  - 2 or mail for the mail system
  - 3 or daemon for the system daemons
  - 4 or auth for the security/authentication messages
  - 5 or syslog for messages generated internally by syslogd
  - 6 or lpr for the line printer subsystem
  - 7 or news for the network news subsystem
  - 8 or uucp for the UUCP subsystem
  - 9 or cron for the clock daemon
  - 10 or authpriv for security authentication messages
  - 11 or ftp for the FTP daemon
  - 12 or ntp for the NTP subsystem
  - 13 or security for the syslog audit logs
  - 14 or console for the syslog alert logs
  - 15 or solaris-cron for the scheduling daemon
  - 16–23 or local0–local7 for locally used facilities
- payloadKey: The record field to use as payload for the syslog message.
- rfc: The RFC to be used for sending logs using syslog.
- severity: The syslog severity to set on outgoing syslog records. The value can be a decimal integer or a case-insensitive keyword:
  - 0 or Emergency for messages indicating the system is unusable
  - 1 or Alert for messages indicating action must be taken immediately
  - 2 or Critical for messages indicating critical conditions
  - 3 or Error for messages indicating error conditions
  - 4 or Warning for messages indicating warning conditions
  - 5 or Notice for messages indicating normal but significant conditions
  - 6 or Informational for messages indicating informational messages
  - 7 or Debug for messages indicating debug-level messages, the default
- tag: The record field to use as a tag on the syslog message.
- trimPrefix: The prefix to remove from the tag.
To configure {product-title} to forward logs using the legacy configuration methods:
- Create a configuration file named syslog.conf and specify parameters similar to the following within the <store> stanza:

<store>
@type <type> (1)
remote_syslog <syslog-server> (2)
port 514 (3)
hostname ${hostname}
remove_tag_prefix <prefix> (4)
facility <value>
severity <value>
use_record <value>
payload_key message
rfc 3164 (5)
</store>

  - (1) Specify the protocol to use, either: syslog or syslog_buffered.
  - (2) Specify the FQDN or IP address of the syslog server.
  - (3) Specify the port of the syslog server.
  - (4) Optional: Specify the appropriate syslog parameters, for example:
    - Parameter to remove the specified tag field from the syslog prefix.
    - Parameter to set the specified field as the syslog key.
    - Parameter to specify the syslog log facility or source.
    - Parameter to specify the syslog log severity.
    - Parameter to use the severity and facility from the record if available. If true, the container_name, namespace_name, and pod_name are included in the output content.
    - Parameter to specify the key to set the payload of the syslog message. Defaults to message.
  - (5) With the legacy syslog method, you must specify 3164 for the rfc value.
- Create a config map named syslog in the openshift-logging project from the configuration file:
$ oc create configmap syslog --from-file=syslog.conf -n openshift-logging
The Red Hat OpenShift Logging Operator redeploys the Fluentd pods. If the pods do not redeploy, you can delete the Fluentd pods to force them to redeploy.
$ oc delete pod --selector logging-infra=fluentd
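To confirm on the receiving server that forwarded messages carry the facility and severity set in syslog.conf, the following added example (not part of the product documentation) decodes the PRI field of an RFC 3164 line and compares it with the configured values. The sample lines are constructed, and treating `info` as Informational is an assumption based on the sample stanza; with use_record set to true the values can come from the record, so a mismatch is then expected rather than a fault.

```python
import re

# Numeric codes follow the facility and severity lists on this page.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice",
              "informational", "debug"]
# Assumption: the sample stanza writes `severity info`; treat it as Informational.
ALIASES = {"info": 6}

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?(?P<msg>.*)", re.S)


def resolve(value, names):
    """Turn a decimal integer or case-insensitive keyword into its code."""
    text = str(value).strip().lower()
    if text in names:
        return names.index(text)
    if names is SEVERITIES and text in ALIASES:
        return ALIASES[text]
    if text.isdigit() and int(text) < len(names):
        return int(text)
    raise ValueError(f"unknown value: {value!r}")


def parse_rfc3164(line):
    """Split one received line into PRI-derived fields and header parts."""
    m = RFC3164.fullmatch(line.rstrip("\r\n"))
    if m is None or int(m["pri"]) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("not an RFC 3164 message")
    facility, severity = divmod(int(m["pri"]), 8)  # PRI = facility * 8 + severity
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "host": m["host"], "tag": m["tag"], "msg": m["msg"]}


def mismatches(line, facility, severity):
    """List fields where a received line differs from the configured values."""
    got = parse_rfc3164(line)
    want = {"facility": FACILITIES[resolve(facility, FACILITIES)],
            "severity": SEVERITIES[resolve(severity, SEVERITIES)]}
    return [f"{k}: got {got[k]}, configured {want[k]}" for k in want if got[k] != want[k]]

# Constructed sample lines, as a receiver might store them (not real output).
SAMPLE_OK = "<134>Oct  3 14:07:12 worker-1.example.com kubernetes: pod started"
SAMPLE_OTHER = "<131>Oct  3 14:07:13 worker-1.example.com kubernetes: pull failed"
```

With the sample stanza's facility local0 and severity info, a matching message arrives with PRI 134.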