sendgridlabs / loggly-docker Goto Github PK

I just fired up a sendgridlabs/loggly-docker:1.5 instance via Docker Compose on Docker for Mac (Version 17.06.0-ce-mac19 (18663)) and events are not being sent to Loggly.

I see these errors in the logs:

rsyslogd: unexpected GnuTLS error -53 in nsd_gtls.c:1618: Error in the push function.  [v8.9.0 try http://www.rsyslog.com/e/2078 ]
# ...
rsyslogd-2359: action 'action 1' resumed (module 'builtin:omfwd') [v8.9.0 try http://www.rsyslog.com/e/2359 ]

Those links don't help much, except to clarify that the first one is a TLS issue.

I'm searching around but I haven't come up with much... I'm guessing it's a problem with the loggly.crt that gets added?

Seems like the container is super minimal, and I'm honestly not sure how to debug it...

If I start the container with:

docker run --rm -p 1514:514/tcp --name loggly-docker -e LOGGLY_AUTH_TOKEN=my-token -e LOGGLY_TAG=DockerDev -e LOGGLY_DEBUG=true sendgridlabs/loggly-docker

Then send a log over tcp:

echo netcat:"Host test log" | nc -w 1 192.168.99.100 1514

The container exits without any error messages.

I need to use tcp instead of udp in order to run multiple loggly containers in ECS behind ELB

It would be nice to allow passing of more than one TAG value that would translate into multiple TAG= values passed in the log template via 50-default.conf.

The following command in the run.sh file didn't work.

exec /usr/sbin/rsyslogd -n

It gives the following error

Error: /tmp/run.sh: line 16: /usr/sbin/rsyslogd: No such file or directory


I have tried with the following command which worked for me.

exec rsyslogd -n

The Loggly container always errors out seconds after launch with "projectname_loggly-docker_1 exited with code 139"

Any one run into this before?

Thanks for great container! However, when we use it with docker-compose, the container just start then stop without logs, do you have any solutions for this?

TLS support is enabled in rsyslog.conf, but communication with Loggly still happens over port 514 and is not encrypted. This is likely because TLS support is enabled after the line that enables sending everything to Loggly.

I'm getting errors that are internal for syslog. Here's the error:

severity: Error
timestamp: 2016-03-07T17:57:59.638236+00:00
facility: messages generated internally by syslogd
priority: 43
host: 17010d56a5f9
unparsed:
message: unexpected GnuTLS error -53 in nsd_gtls.c:1618: Error in the push function. [v8.9.0 try http://www.rsyslog.com/e/2078 ]

I use docker like that (docker-compose format):

loggly-docker:
  restart: always
  image: sendgridlabs/loggly-docker
  ports:
   - 514/udp
  environment:
   - TAG=MyTag
   - TOKEN=xxxx

it also sends some other non application specific messages like:

action 'action 1' resumed (module 'builtin:omfwd') [v8.9.0 try http://www.rsyslog.com/e/2359 ]
-- MARK --

but I'm ok with those since at least they don't say "error" in them :)

I deployed the latest release of the Docker image yesterday, and the host ran out of disk space within minutes. It appears the loggly-docker container continuously writes (to its own logs) messages of the following format: 2015-09-29T01:10:22Z f99888cdb546 c63793e7-0278-4c05-8607-89104e669ca3[1]:, where the UUID appears to be the name of the container sending the syslog message (in my case, a logspout container). The logs are written to Loggly as well. I use https://github.com/gliderlabs/logspout to push log messages to loggly-docker over UDP, but i have a yet untested suspicion that the messages from loggly-docker container are getting caught by logspout which in turn sends them back to loggly-docker in a nightmare of recursion.

I reverted to version 1.0 for now which doesn't have this issue.

Is there a way we can add docker hostname with the container hostname when pushing to loggly?

Why are you not making this an "Automated Build"?

With the recommended command, the container won't restart when the host reboots. When I add --restart=always to that command, the container repeatedly tries to start and fails after host reboot.

docker ps shows STATUS as Restarting (1) *n* seconds ago

$ docker logs loggly-docker
rsyslogd: pidfile '/var/run/rsyslogd.pid' and pid 1 already exist.
If you want to run multiple instances of rsyslog, you need to specify
different pid files for them (-i option).
rsyslogd: run failed with error -3000 (see rsyslog.h or try http://www.rsyslog.com/e/3000 to learn what that number means)
rsyslogd: pidfile '/var/run/rsyslogd.pid' and pid 1 already exist.

etc..

I was getting error while sending server log using loggly container. The error is

unexpected GnuTLS error -53 in nsd_gtls.c:1618: Error in the push function. [v8.9.0 try http://www.rsyslog.com/e/2078 ]

I logged into the container and found out that it is not using the updated configuration for rsyslog as mentioned in the documentation, https://www.loggly.com/docs/rsyslog-tls-configuration/

Linux release information

/ # cat /etc/*-release
3.3.1
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.3.1
PRETTY_NAME="Alpine Linux v3.3"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"

Rsyslog version

/ # rsyslogd -v
rsyslogd 8.9.0, compiled with:
	PLATFORM:				x86_64-alpine-linux-musl
	PLATFORM (lsb_release -d):
	FEATURE_REGEXP:				Yes
	GSSAPI Kerberos 5 support:		No
	FEATURE_DEBUG (debug build, slow code):	No
	32bit Atomic operations supported:	Yes
	64bit Atomic operations supported:	Yes
	memory allocator:			system default
	Runtime Instrumentation (slow code):	No
	uuid support:				Yes
	Number of Bits in RainerScript integers: 64

See http://www.rsyslog.com for more information.

Rsyslog configuration

/ # cat /etc/rsyslog.conf
# Input modules
$ModLoad immark.so     # provide --MARK-- message capability
$ModLoad imuxsock.so   # provide local system logging (e.g. via logger command)
$ModLoad imudp         # provides UDP syslog reception
$ModLoad imtcp         # provides TCP syslog reception

# Output modules
$ModLoad omstdout.so       # provide messages to stdout

# Loggly template format
$template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [token-removed-for-posting@41058 tag=\"ript-api-server\"] %msg%\n"

# Setup disk assisted queues. An on-disk queue is created for this action.
# If the remote host is down, messages are spooled to disk and sent when
# it is up again.
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1     # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g       # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
$ActionQueueType LinkedList       # run asynchronously
$ActionResumeRetryCount -1        # infinite retries if host is down

#RsyslogGnuTLS
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/loggly.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.loggly.com

# Send everything to Loggly over TLS
*.* @@logs-01.loggly.com:6514;LogglyFormat

# TCP Syslog Server
$InputTCPServerRun 514 # start a TCP syslog server at standard port 514

# UDP Syslog Server
$UDPServerRun 514      # start a UDP syslog server at standard port 514

It will be helpful to update the configuration and release the updated container.

Thanks.