sendgridlabs / loggly-docker Goto Github PK
View Code? Open in Web Editor NEWDocker container for loggly (via syslog)
License: MIT License
Docker container for loggly (via syslog)
License: MIT License
I just fired up a sendgridlabs/loggly-docker:1.5
instance via Docker Compose on Docker for Mac (Version 17.06.0-ce-mac19 (18663)) and events are not being sent to Loggly.
I see these errors in the logs:
rsyslogd: unexpected GnuTLS error -53 in nsd_gtls.c:1618: Error in the push function. [v8.9.0 try http://www.rsyslog.com/e/2078 ]
# ...
rsyslogd-2359: action 'action 1' resumed (module 'builtin:omfwd') [v8.9.0 try http://www.rsyslog.com/e/2359 ]
Those links don't help much, except to clarify that the first one is a TLS issue.
I'm searching around but I haven't come up with much... I'm guessing it's a problem with the loggly.crt
that gets added?
Seems like the container is super minimal, and I'm honestly not sure how to debug it...
If I start the container with:
docker run --rm -p 1514:514/tcp --name loggly-docker -e LOGGLY_AUTH_TOKEN=my-token -e LOGGLY_TAG=DockerDev -e LOGGLY_DEBUG=true sendgridlabs/loggly-docker
Then send a log over tcp:
echo netcat:"Host test log" | nc -w 1 192.168.99.100 1514
The container exits without any error messages.
I need to use tcp instead of udp in order to run multiple loggly containers in ECS behind ELB
It would be nice to allow passing of more than one TAG value that would translate into multiple TAG= values passed in the log template via 50-default.conf.
The following command in the run.sh file didn't work.
exec /usr/sbin/rsyslogd -n
It gives the following error
Error: /tmp/run.sh: line 16: /usr/sbin/rsyslogd: No such file or directory
I have tried with the following command which worked for me.
exec rsyslogd -n
The Loggly container always errors out seconds after launch with "projectname_loggly-docker_1 exited with code 139"
Any one run into this before?
Thanks for great container! However, when we use it with docker-compose, the container just start then stop without logs, do you have any solutions for this?
TLS support is enabled in rsyslog.conf
, but communication with Loggly still happens over port 514 and is not encrypted. This is likely because TLS support is enabled after the line that enables sending everything to Loggly.
I'm getting errors that are internal for syslog. Here's the error:
severity: Error
timestamp: 2016-03-07T17:57:59.638236+00:00
facility: messages generated internally by syslogd
priority: 43
host: 17010d56a5f9
unparsed:
message: unexpected GnuTLS error -53 in nsd_gtls.c:1618: Error in the push function. [v8.9.0 try http://www.rsyslog.com/e/2078 ]
I use docker like that (docker-compose format):
loggly-docker:
restart: always
image: sendgridlabs/loggly-docker
ports:
- 514/udp
environment:
- TAG=MyTag
- TOKEN=xxxx
it also sends some other non application specific messages like:
action 'action 1' resumed (module 'builtin:omfwd') [v8.9.0 try http://www.rsyslog.com/e/2359 ]
-- MARK --
but I'm ok with those since at least they don't say "error" in them :)
I deployed the latest release of the Docker image yesterday, and the host ran out of disk space within minutes. It appears the loggly-docker
container continuously writes (to its own logs) messages of the following format: 2015-09-29T01:10:22Z f99888cdb546 c63793e7-0278-4c05-8607-89104e669ca3[1]:
, where the UUID appears to be the name of the container sending the syslog message (in my case, a logspout
container). The logs are written to Loggly as well. I use https://github.com/gliderlabs/logspout to push log messages to loggly-docker
over UDP, but i have a yet untested suspicion that the messages from loggly-docker
container are getting caught by logspout
which in turn sends them back to loggly-docker
in a nightmare of recursion.
I reverted to version 1.0 for now which doesn't have this issue.
Is there a way we can add docker hostname with the container hostname when pushing to loggly?
Why are you not making this an "Automated Build"?
With the recommended command, the container won't restart when the host reboots. When I add --restart=always
to that command, the container repeatedly tries to start and fails after host reboot.
docker ps
shows STATUS as Restarting (1) *n* seconds ago
$ docker logs loggly-docker
rsyslogd: pidfile '/var/run/rsyslogd.pid' and pid 1 already exist.
If you want to run multiple instances of rsyslog, you need to specify
different pid files for them (-i option).
rsyslogd: run failed with error -3000 (see rsyslog.h or try http://www.rsyslog.com/e/3000 to learn what that number means)
rsyslogd: pidfile '/var/run/rsyslogd.pid' and pid 1 already exist.
etc..
I was getting error while sending server log using loggly container. The error is
unexpected GnuTLS error -53 in nsd_gtls.c:1618: Error in the push function. [v8.9.0 try http://www.rsyslog.com/e/2078 ]
I logged into the container and found out that it is not using the updated configuration for rsyslog as mentioned in the documentation, https://www.loggly.com/docs/rsyslog-tls-configuration/
Linux release information
/ # cat /etc/*-release
3.3.1
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.3.1
PRETTY_NAME="Alpine Linux v3.3"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
Rsyslog version
/ # rsyslogd -v
rsyslogd 8.9.0, compiled with:
PLATFORM: x86_64-alpine-linux-musl
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
See http://www.rsyslog.com for more information.
Rsyslog configuration
/ # cat /etc/rsyslog.conf
# Input modules
$ModLoad immark.so # provide --MARK-- message capability
$ModLoad imuxsock.so # provide local system logging (e.g. via logger command)
$ModLoad imudp # provides UDP syslog reception
$ModLoad imtcp # provides TCP syslog reception
# Output modules
$ModLoad omstdout.so # provide messages to stdout
# Loggly template format
$template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [token-removed-for-posting@41058 tag=\"ript-api-server\"] %msg%\n"
# Setup disk assisted queues. An on-disk queue is created for this action.
# If the remote host is down, messages are spooled to disk and sent when
# it is up again.
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
#RsyslogGnuTLS
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/loggly.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.loggly.com
# Send everything to Loggly over TLS
*.* @@logs-01.loggly.com:6514;LogglyFormat
# TCP Syslog Server
$InputTCPServerRun 514 # start a TCP syslog server at standard port 514
# UDP Syslog Server
$UDPServerRun 514 # start a UDP syslog server at standard port 514
It will be helpful to update the configuration and release the updated container.
Thanks.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.