我正在kubernetes集群中设置Graylog服务,并使用Graylog Sidecars在我的工作节点上安装了NXLog backends,但是我无法获得辅助工具来将日志发送到输入我已配置(GELF HTTP)。在Sidecar状态页面上,列出了我配置了sidecar以便包含在/var/log conf文件中的sidecar.yaml目录下的所有文件和目录,并且它们会定期更新。这应该意味着Sidecar至少以某种方式连接,但是日志仍未出现在我的输入中。
通过以下入口和curl命令,我可以将日志发送到我的GELF HTTP输入:
curl -X POST -H 'Content-Type: application/json' -d '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }' 'http://<host>/gelf'
#graylog ingress
...
spec:
rules:
- host: <host>
http:
paths:
- backend:
serviceName: graylog-tcp
servicePort: gelf1
path: /gelf
- backend:
serviceName: graylog-web
servicePort: graylog
Graylog配置:
#NXLog Collector Configuration
define ROOT /usr/bin
<Extension gelfExt>
Module xm_gelf
# Avoid truncation of the short_message field to 64 characters.
ShortMessageLength 65536
</Extension>
<Extension syslogExt>
Module xm_syslog
</Extension>
User nxlog
Group nxlog
Moduledir /usr/libexec/nxlog/modules
CacheDir /var/spool/nxlog/data
PidFile /var/run/nxlog/nxlog.pid
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
<Input sidecar_files>
Module im_file
File '/var/log/graylog-sidecar/*.log'
PollInterval 1
SavePos True
ReadFromLast True
Recursive True
RenameCheck False
Exec $FileName = file_name(); # Send file name with each message
</Input>
<Output gelf_http>
Module om_http
URL https://<host>/gelf
ContentType application/json
<Exec>
# These fields are needed for Graylog
$gl2_source_collector = '${sidecar.nodeId}';
$collector_node_id = '${sidecar.nodeName}';
</Exec>
</Output>
<Route route-1>
sidecar_files => gelf_http
</Route>
#GELF HTTP input
bind_address: 0.0.0.0
decompress_size_limit: 8388608
enable_cors: true
idle_writer_timeout: 60
max_chunk_size: 65536
number_worker_threads: 1
override_source: <empty>
port: 12201
recv_buffer_size: 425984
tcp_keepalive: false
tls_cert_file: <empty>
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: false
tls_key_file: <empty>
tls_key_password: ********
我希望输入消息流中有日志,或者pod日志中有错误消息,但是我都找不到。