Enable remote logging to syslog¶
By default, StackLight sends logs to Elasticsearch. However, you can configure StackLight to forward all logs to an external syslog server. In this case, StackLight will send logs both to the syslog server and to Elasticsearch. Prior to enabling the functionality, consider the following requirements:
StackLight logging must be enabled
A remote syslog server must be deployed outside Container Cloud
Container Cloud proxy must not be enabled since it only supports the HTTP(S) traffic
To enable sending of logs to syslog:
Perform the steps 1-2 described in Configure StackLight.
stacklight.valuessection of the opened manifest, configure the
logging.syslogparameters as described in StackLight configuration parameters.
logging: enabled: true syslog: enabled: true host: remote-syslog.svc port: 514 packetSize: 1024 protocol: tcp tls: enabled: true certificate: secret: "" hostPath: "/etc/ssl/certs/ca-bundle.pem" verify: true
packetSizeparameter is available since Container Cloud 2.14.0. Mirantis recommends that you tune its value to allow sending full log lines.
hostnamefield in the remote syslog database will be set based on
clusterIdspecified in the StackLight chart values. For example, if
hostnamewill transform to
ns_cluster_example-uid. For details, see
clusterIdin StackLight configuration parameters.
Verify remote logging to syslog as described in Verify StackLight after configuration.