
Other than creating a different filter for non-error messages, there is little difference between the above syslog-ng configuration and the one you have provided. It should be as efficient as possible in terms of resource consumption (CPU and memory). Even after being imported into ElasticSearch, the logs must remain available with the docker logs command. data/syslog-ng/conf/nf: filter info to /var/log/syslog and error to /var/log/error "scl.conf" All the docker container logs (available with the docker logs command) must be searchable in the Kibana interface. Hack.sh: A shell script that logs to stderr and stdout #!/bin/sh '$PWD/data/syslog-ng/conf/nf:/etc/syslog-ng/nf' I set up the following project to demonstrate an example. This is why the filtering has to be performed on the network source, which is just as you have done.

I thought that syslog-ng was running in the host. As syslog-ng is running in the container, the docker daemon is collecting the logs from the running container and sending it over the network to the syslog server. My original reply to set up a /dev/stderr source was misinformed. How can I tell syslog-ng to treat STDERR messages as errors?


This is an extract of my nf inside the syslog-ng container: 3.25 Then I expected syslog-ng to understand it to be an error, but it does not. I was assuming that everything thrown to STDERR from inside another container should be seen by syslog-ng as an error, so when I started a container like this: docker run -dit --log-driver syslog --log-opt syslog-address=tcp://my_syslog:601 alpine echo "boom" > /dev/stderr I'm also trying to save error logs to a different file. I have a syslog-ng container that collects logs from other containers running on the same application, and normal logging works as intended: every container sends its logs and syslog-ng saves them to separate files, as defined in nf.
