Enable remote logging to syslog

Deprecated since 2.23.0

Caution

Since Container Cloud 2.23.0, this procedure and the logging.syslog parameter are deprecated. For a new configuration of remote logging to syslog, follow the Enable log forwarding to external destinations procedure instead.

By default, StackLight sends logs to OpenSearch. However, you can configure StackLight to forward all logs to an external syslog server. In this case, StackLight will send logs both to the syslog server and to OpenSearch. Prior to enabling the functionality, consider the following requirements:

  • StackLight logging must be enabled

  • A remote syslog server must be deployed outside Container Cloud

  • Container Cloud proxy must not be enabled since it only supports the HTTP(S) traffic

To enable sending of logs to syslog:

  1. Perform the steps 1-2 described in Configure StackLight.

  2. In the stacklight.values section of the opened manifest, configure the logging.syslog parameters as described in StackLight configuration parameters.

    For example:

    logging:
      enabled: true
      syslog:
        enabled: true
        host: remote-syslog.svc
        port: 514
        packetSize: 1024
        protocol: tcp
        tls:
          enabled: true
          certificate:
            secret: ""
            hostPath: "/etc/ssl/certs/ca-bundle.pem"
          verify_mode: 1
    

    Note

    • Mirantis recommends that you tune the packetSize parameter value to allow sending full log lines.

    • The hostname field in the remote syslog database will be set based on clusterId specified in the StackLight chart values. For example, if clusterId is ns/cluster/example-uid, the hostname will transform to ns_cluster_example-uid. For details, see clusterId in StackLight configuration parameters.

  3. Verify remote logging to syslog as described in Verify StackLight after configuration.