docs: Write documentation on collecting systemd logs #2416

Closed
andrzej-stencel opened this issue Jul 11, 2022 · 2 comments

andrzej-stencel (Contributor):

We need high-level documentation for collecting systemd logs, akin to https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/v2.11.0/deploy/docs/collecting-kubernetes-events.md for collecting Kubernetes events.

It should describe the frequent use cases, like:

  • disabling collection for specific units, only enabling it for specific units, etc.
  • customizing the collected data - decorating with metadata, filtering, etc.

This might (and hopefully should) result in changes to the configuration of the collection, so that the common use cases do not force the user to mess with the raw OTC configuration, or even prevent that configuration from being exposed in the values.yaml file.

andrzej-stencel added the labels "enhancement: New feature or request" and "documentation" on Jul 11, 2022
andrzej-stencel added this to the v3.0 milestone on Jul 11, 2022
rnishtala-sumo self-assigned this on Jan 18, 2023
perk-sumo modified the milestones: v3.0, 3.1, v3.1 on Jan 20, 2023
perk-sumo modified the milestones: v3.2, v3.3 on Feb 21, 2023
ballensans:

The ability to gather kernel messages would be fantastic too - they have no "unit" so they kind of fall through the gaps there. In particular, gathering the logs generated by IPTables "LOG" rules and being able to enrich the logs with the log prefix and level would be amazing!

Use case - Calico, and I suspect other k8s network policy engines, create underlying IPTables rules to implement the network policy.

Example command to create IPTables LOG rule:

iptables -I OUTPUT -m comment --comment "log all outbound" -j LOG --log-prefix "packet-outbound: " --log-level 5

Results of reading with journalctl:

journalctl --follow --priority 5 | head -5
-- Logs begin at Fri 2023-03-10 19:25:09 EST. --
Mar 16 12:35:35 node01 kernel: packet-outbound: IN= OUT=eth0 SRC=10.38.91.220 DST=10.38.90.210 LEN=88 TOS=0x10 PREC=0x00 TTL=64 ID=19173 DF PROTO=TCP SPT=22 DPT=53153 WINDOW=547 RES=0x00 ACK PSH URGP=0
Mar 16 12:35:35 node01 kernel: packet-outbound: IN= OUT=eth0 SRC=10.38.91.220 DST=10.38.90.210 LEN=88 TOS=0x10 PREC=0x00 TTL=64 ID=19174 DF PROTO=TCP SPT=22 DPT=53153 WINDOW=547 RES=0x00 ACK PSH URGP=0
Mar 16 12:35:38 node01 kernel: packet-outbound: IN= OUT=eth0 SRC=10.38.91.220 DST=10.38.90.210 LEN=88 TOS=0x10 PREC=0x00 TTL=64 ID=19175 DF PROTO=TCP SPT=22 DPT=53153 WINDOW=547 RES=0x00 ACK PSH URGP=0
Mar 16 12:35:38 node01 kernel: packet-outbound: IN= OUT=eth0 SRC=10.38.91.220 DST=10.38.90.210 LEN=88 TOS=0x10 PREC=0x00 TTL=64 ID=19176 DF PROTO=TCP SPT=22 DPT=53153 WINDOW=547 RES=0x00 ACK PSH URGP=0

Selecting / enriching the logs based on the prefix (packet-outbound: above) would be great.
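The selecting-and-enriching step described in the comment above, shown as an added example that is not part of this issue, the sumologic-kubernetes-collection chart, or the OpenTelemetry Collector. The journal lines are constructed for the example (modelled on the journalctl output in the comment, with made-up hosts, addresses and ports), and the PREFIX_METADATA mapping from --log-prefix values to attributes is a hypothetical operator configuration. The parser treats everything before the first "IN=" token as the iptables log prefix, which is how the LOG target writes it (the prefix is copied verbatim, trailing space included); KEY=VALUE tokens become fields and bare tokens such as DF, SYN or ACK become flags. Non-kernel lines and kernel lines that are not netfilter LOG records are dropped, which is the "kernel messages have no unit" problem the comment raises.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample journal lines for this example (not real captured data).
SAMPLE_LINES = [
    "-- Logs begin at Fri 2023-03-10 19:25:09 EST. --",
    "Mar 16 12:35:35 node01 kernel: packet-outbound: IN= OUT=eth0 SRC=10.38.91.220 DST=10.38.90.210 "
    "LEN=88 TOS=0x10 PREC=0x00 TTL=64 ID=19173 DF PROTO=TCP SPT=22 DPT=53153 WINDOW=547 RES=0x00 ACK PSH URGP=0",
    "Mar 16 12:35:36 node01 kernel: packet-inbound: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=10.38.90.210 DST=10.38.91.220 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=53153 DPT=22 "
    "WINDOW=64240 RES=0x00 SYN URGP=0",
    "Mar 16 12:35:37 node01 kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd",
    "Mar 16 12:35:38 node01 sshd[1234]: Accepted publickey for alice from 10.38.90.210 port 53153 ssh2",
]

# Hypothetical operator configuration: metadata to attach per --log-prefix value.
PREFIX_METADATA = {
    "packet-outbound: ": {"direction": "egress", "policy": "log-all-outbound"},
    "packet-inbound: ": {"direction": "ingress", "policy": "log-all-inbound"},
}

# journalctl short format: "<Mon DD HH:MM:SS> <host> <identifier>: <message>"
JOURNAL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<ident>[^:]+): (?P<msg>.*)$"
)
# netfilter LOG message: "<prefix>IN=... OUT=..."; the prefix is whatever --log-prefix set.
NFLOG_RE = re.compile(r"^(?P<prefix>.*?)(?P<fields>\bIN=.*)$")

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


@dataclass
class PacketLog:
    timestamp: str
    host: str
    prefix: str
    fields: dict      # KEY=VALUE tokens, e.g. SRC, DST, PROTO, SPT, DPT ("IN" may be empty)
    flags: set        # bare tokens such as DF, SYN, ACK, PSH
    attributes: dict = field(default_factory=dict)


def parse_journal_line(line: str) -> Optional[PacketLog]:
    """Return a PacketLog for a kernel netfilter LOG line, or None for any other line."""
    m = JOURNAL_RE.match(line)
    if not m or m.group("ident") != "kernel":
        return None                      # not a kernel message (or not a journal line at all)
    n = NFLOG_RE.match(m.group("msg"))
    if not n:
        return None                      # kernel message that is not an iptables LOG record
    fields, flags = {}, set()
    for tok in n.group("fields").split():
        key, sep, value = tok.partition("=")
        if sep:
            fields[key] = value          # value may be empty, e.g. "IN=" for locally generated packets
        else:
            flags.add(tok)
    return PacketLog(m.group("ts"), m.group("host"), n.group("prefix"), fields, flags)


def enrich(rec: PacketLog, metadata: dict = PREFIX_METADATA) -> PacketLog:
    """Attach prefix-derived metadata and normalised network attributes to a record."""
    attrs = dict(metadata.get(rec.prefix, {}))
    attrs["src_ip"] = rec.fields.get("SRC")
    attrs["dst_ip"] = rec.fields.get("DST")
    attrs["protocol"] = rec.fields.get("PROTO")
    for key, name in (("SPT", "src_port"), ("DPT", "dst_port")):
        if key in rec.fields:
            attrs[name] = int(rec.fields[key])
    attrs["tcp_flags"] = sorted(rec.flags & TCP_FLAGS)
    rec.attributes.update(attrs)
    return rec


def collect(lines, keep_prefixes=None):
    """Parse, optionally select by log prefix, and enrich netfilter LOG lines from journal output."""
    out = []
    for line in lines:
        rec = parse_journal_line(line)
        if rec is None:
            continue
        if keep_prefixes is not None and rec.prefix not in keep_prefixes:
            continue
        out.append(enrich(rec))
    return out


if __name__ == "__main__":
    for r in collect(SAMPLE_LINES):
        print(r.timestamp, r.host, repr(r.prefix), r.attributes)
```

The prefix match is exact, so the trailing space in `--log-prefix "packet-outbound: "` has to be reproduced in PREFIX_METADATA; a missing space silently leaves records without their direction and policy attributes. Priority is not in the parsed text: `--log-level 5` sets the syslog level (notice) on the kernel record, which journalctl exposes as the PRIORITY field rather than in the message, so a real pipeline would take level from that field, not from the line.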

andrzej-stencel (Contributor, Author):
