Configuring Fluentd to receive logs from non-cluster applications in OpenShift (OKD 3.11)

12/18/2019

We have a deployment of an IoT-based solution in which multiple applications are deployed on OpenShift OKD 3.11. We are using Fluentd for central logging.

A couple of our applications are deployed outside of the OKD cluster, and we want to use the OKD cluster's Fluentd for those applications.

  • Does OKD Fluentd provide such an option or expose any route to receive logs from outside the cluster?

  • Fluentd has a syslog plugin (https://docs.fluentd.org/input/syslog). Can't we add the configuration below and expose the port as a service?

    <source>
      @type syslog
      port 5140
      bind 0.0.0.0
      tag system
    </source>

  • In fluent.conf I saw entries for two configurations which are currently empty, so what is their intended purpose?

    sources

    @include configs.d/dynamic/input-syslog-*.conf

    filters

    @include configs.d/openshift/filter-syslog-record-transform.conf

EDIT1:

So I added the following to the Fluentd configmap:

<source>
  @type syslog
  protocol_type tcp
  port 5140
  bind 0.0.0.0
  tag mysyslog
</source>

I verified that Fluentd now opens a connection on the above port to receive syslogs:

# tail -f /var/log/fluentd/fluentd.log
2020-01-02 17:29:14 -0500 [info]: following tail of /var/log/containers/logging-curator-1577953800-cfs28_openshift-logging_curator-d47c5cf8efbe4e271db19abb9adc9d46ff869f44fad15e23775d9508b66dda5c.log
**2020-01-02 17:29:14 -0500 [info]: listening syslog socket on 0.0.0.0:5140 with tcp**
2020-01-02 17:29:14 -0500 [info]: Connection opened to Elasticsearch cluster => {:host=>"logging-es", :port=>9200, :scheme=>"https", :user=>"fluentd", :password=>"obfuscated"}
2020-01-02 17:29:40 -0500 [info]: stats - namespace_cache_size: 7, pod_cache_size: 13, namespace_cache_api_updates: 13, pod_cache_api_updates: 13, id_cache_miss: 13

To test it, I sent messages with the logger command:

logger -T -n 0.0.0.0 -P 5140 "Test message"

logger -T -n 0.0.0.0 -P 5140 '<16>1 2020-01-03T12:39:00.003Z 192.168.0.1 fluentd 11111 ID24224 [exampleSDID@20224 iut="3" eventSource="Application" eventID="11211"] Hi, from syslog'

logger -T -n 0.0.0.0 -P 5140 "<9>Jan 03 12:00:00 192.168.0.1 fluentd[11111]: [error] Syslog test"

But I am unable to see the logs in Kibana; I checked the .all index. As per the following configuration, application.conf matches everything left.

<label @OUTPUT>
#matches
  @include configs.d/openshift/output-pre-*.conf
  @include configs.d/user/output-syslog-pkgctrl.conf
  @include configs.d/user/output-operations.conf
  @include configs.d/openshift/output-applications.conf
  # no post - applications.conf matches everything left
#
</label>

Do I need to configure a filter or match separately, or am I sending the wrong message format?

-- ImranRazaKhan
efk
fluentd
kubernetes
okd
openshift-origin

0 Answers
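
Added example (not part of the original post, and not Fluentd or OKD code): a small Python check that classifies the three payload strings from the logger commands above as RFC 5424, RFC 3164 or header-less text and decodes each PRI value. The `classify` function and `SAMPLES` list are names made up for this illustration; it inspects only the strings as written in the post, not whatever wire format logger builds around them.

```python
import re

# Constructed samples: the three payload strings passed to logger in the post.
SAMPLES = [
    "Test message",
    '<16>1 2020-01-03T12:39:00.003Z 192.168.0.1 fluentd 11111 ID24224 '
    '[exampleSDID@20224 iut="3" eventSource="Application" eventID="11211"] '
    "Hi, from syslog",
    "<9>Jan 03 12:00:00 192.168.0.1 fluentd[11111]: [error] Syslog test",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI = re.compile(r"^<(\d{1,3})>")
# RFC 5424: <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<\d{1,3}>(?P<version>[1-9]\d?) (?P<time>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"
    r"(?: (?P<msg>.*))?$", re.S)
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<\d{1,3}>(?P<time>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$", re.S)


def classify(payload):
    """Identify the syslog framing of one payload and decode its PRI value."""
    result = {"format": "no-header", "facility": None, "severity": None, "fields": {}}
    pri = PRI.match(payload)
    if not pri:
        return result                      # plain text, no <PRI> prefix at all
    value = int(pri.group(1))
    if value > 191:                        # PRI = facility * 8 + severity, max 23*8+7
        result["format"] = "invalid-pri"
        return result
    result["facility"], sev = divmod(value, 8)
    result["severity"] = SEVERITIES[sev]
    result["format"] = "unknown-header"    # has a PRI but matches neither layout
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(payload)
        if m:
            result["format"], result["fields"] = name, m.groupdict()
            break
    return result


if __name__ == "__main__":
    for s in SAMPLES:
        r = classify(s)
        print(f'{r["format"]:<14} facility={r["facility"]} severity={r["severity"]}  {s[:40]!r}')
```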