Enable remote logging to syslog

Enable remote logging to syslog

Caution

This feature is available starting from the Container Cloud release 2.6.0.

By default, StackLight sends logs to Elasticsearch. However, you can configure StackLight to forward all logs to an external syslog server. In this case, StackLight will send logs both to the syslog server and to Elasticsearch. Prior to enabling the functionality, consider the following requirements:

  • StackLight logging must be enabled

  • A remote syslog server must be deployed outside Container Cloud

  • Container Cloud proxy must not be enabled since it only supports the HTTP(S) traffic

To enable sending of logs to syslog:

  1. Perform the steps 1-2 described in Configure StackLight.

  2. In the stacklight.values section of the opened manifest, configure the logging.syslog parameters as described in StackLight configuration parameters.

    For example:

    logging:
      enabled: true
      syslog:
        enabled: true
        host: remote-syslog.svc
        port: 514
        protocol: tcp
        tls:
          enabled: true
          certificate:
            secret: ""
            hostPath: "/etc/ssl/certs/ca-bundle.pem"
          verify: true
    

    Note

    The hostname field in the remote syslog database will be set based on clusterId specified in the StackLight chart values. For example, if clusterId is ns/cluster/example-uid, the hostname will transform to ns_cluster_example-uid. For details, see clusterId in StackLight configuration parameters.

  3. Verify remote logging to syslog as described in Verify StackLight after configuration.