OMS custom logs from AKS container

9/7/2018

My company are starting to use AKS for their apps, and obviously one of the goals is to grab the logs from the app, send it to OMS and make it searchable. I have installed the OMS agent that comes with the AKS health monitoring 'tick box', which essentially installs an agent on each node and sends logs to OMS.

Standard Kubernetes logging advises to send logs to STDOUT and STDERR, which is fine for the basic types of logging, but our apps span over a couple of lines for 1 log, and there will be multiple apps within the same container outputting; 3 apps all in one container sending straight to STDOUT/ERR... not really the ideal situation for sifting through.

At the moment I have attached an Azure Storage Account to the container and directed the logs to that, mounting Azure File Storage as /var/log/ directory, which is great because we can split the logs into different log files. Following this as a guide; https://medium.com/@diegomrtnzg/monitoring-your-log-files-with-kubernetes-in-azure-b2a92e674947

I also instructed OMS to read from a custom log directory using these instructions; https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-sources-custom-logs

However, I have since discovered this won't work. I'm assuming it's because the agent is not aware of each container's file system and only looks at STDOUT/ERR instead.

I also know that we can use parsing in Log Analytics in our search queries to find the logs we want, but I would much prefer to have this already done via custom log input, and it's not really helpful if the log spans over a couple of lines, broken up (as mentioned above); https://blogs.msdn.microsoft.com/ukhybridcloud/2017/09/19/azure-log-analytics-using-the-parse-operator/

I know that we are unable to tell OMS to pull logs from a storage account; https://feedback.azure.com/forums/267889-log-analytics/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

QUESTION

So, finally... my question comes about. I'm hoping that we are not the only ones who have been in this situation and can help advise me on what best action to take.

How do we get full, structured, multi-line log files from 3 apps (or more) sitting in 1 AKS container to OMS that's been parsed and not in broken segments?

Any help on this would be greatly appreciated.

-- Beefcake
azure
azure-oms
kubernetes

0 Answers