Hello,
I am working on documentation on how to set up Foreman with journald/rsyslog to send all our RoR logs (with custom fields) into ELK (Elasticsearch basically). I have this WIP configuration:
Now, this only captures logs which are in journal/syslog, but we have some configuration files in Foreman or Katello deployment. Since rsyslog is also capable of importing logs from external files via the imfile module, which files should I include in the initial version of the document? I won't have time to include them all, but I would like to hear what should be the priority.
Smart proxy can be configured to send logs to syslog, so this will work out of the box (no extra fields tho).
Candlepin has candlepin.log and a couple of others (audit.log, errors.log) as well as tomcat.log, I will likely configure only the first one. Will try to configure candlepin with syslog first, that should work according to docs. If not, imfile is the fallback.
Pulp has multiple files, some components log to syslog, some into files. I need advice here, I struggle here a bit. And then there's qpid and other stuff related to Pulp.
Bare metal provisioning services TFTP and DHCP log into syslog by default, this will appear in ELK automatically as well.
Dynflow to my knowledge logs via RoR stack, that should go into journal when configured, it used to create some extra log file (dynflow_executor.{log,output}) tho. Also our foreman installer might be useful, but that's imfile only and with time/date parsing - I will likely leave this for later.
To sum up, I am thinking this:
- production.log (via journal - with custom/structured fields)
- proxy.log (via syslog)
- candlepin.log (via syslog)
- cron.log (via imfile)
- db_migrate.log and db_seed.log (via imfile)
Any comments on how you integrate with ELK/ES appreciated.