From 781e65ac5dde325b3771859c41709633cff32a42 Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Wed, 14 Aug 2019 13:04:25 -0500 Subject: [PATCH] Fluentd: Update kernel and auth inputs to use systemd This updates the overrides provided for deploying fluentd as a daemonset to get kernel messages from the journal instead of /var/log/kern.log directly, and also uses the journal to get messages associated with logging to auth.log (syslog facility 10). This provides additional metadata and a cleaner interface for gathering these logs via fluentd Change-Id: I8e832db276095771d6a869e998d7a69795dfee37 Signed-off-by: Steve Wilkerson --- tools/deployment/common/fluentd-daemonset.sh | 52 ++++++++------------ 1 file changed, 21 insertions(+), 31 deletions(-) diff --git a/tools/deployment/common/fluentd-daemonset.sh b/tools/deployment/common/fluentd-daemonset.sh index 432120d41..985a2a5f4 100755 --- a/tools/deployment/common/fluentd-daemonset.sh +++ b/tools/deployment/common/fluentd-daemonset.sh @@ -90,23 +90,16 @@ conf: - @type tail - tag kernel - path /var/log/kern.log - read_from_head true - - @type none - - - - - @type tail + @type systemd tag auth - path /var/log/auth.log + path /var/log/journal + matches [{ "SYSLOG_FACILITY":"10" }] read_from_head true - - @type none - + + + fields_strip_underscores true + fields_lowercase true + @@ -135,6 +128,19 @@ conf: + + @type systemd + tag kernel + path /var/log/journal + matches [{ "_TRANSPORT": "kernel" }] + read_from_head true + + + fields_strip_underscores true + fields_lowercase true + + + @type kubernetes_metadata @@ -155,22 +161,6 @@ conf: - - @type record_transformer - - hostname "#{ENV['NODE_NAME']}" - fluentd_pod "#{ENV['POD_NAME']}" - - - - - @type record_transformer - - hostname "#{ENV['NODE_NAME']}" - fluentd_pod "#{ENV['POD_NAME']}" - - - @type null