Hello,
I am trying to build a custom rsyslog server docker image as follows =
1) Dockerfile
# Use an official Ubuntu as a parent image
FROM ubuntu:latest
# Update the package repository and install rsyslog
RUN apt-get update && \
apt-get install -y rsyslog
# Copy your custom rsyslog configuration file into the container
# Make sure to replace 'your_rsyslog.conf' with your actual configuration file
COPY rsyslog.conf /etc/rsyslog.d/
# Expose the port Rsyslog will listen on (e.g., 514 for syslog)
EXPOSE 514
# Start Rsyslog in the foreground
CMD ["rsyslogd", "-n"]
2) rsyslog.conf
# Load necessary modules
module(load="imuxsock") # Provides support for local system logging
module(load="imklog") # Provides kernel logging support
module(load="imtcp") # Provides TCP syslog reception
# Enable TCP syslog reception
input(type="imtcp" port="514")
# Set global directives
global(workDirectory="/var/spool/rsyslog") # Set the working directory
for state files
# Define a template for log formatting (optional)
template(name="RemoteLogFormat" type="string" string="%timegenerated%
%HOSTNAME% %syslogtag%%msg%\n")
# Define actions: where to save logs
# Store logs from remote hosts in separate files based on hostname
action(type="omfile"
file="/var/log/remote/%HOSTNAME%.log"
template="RemoteLogFormat")
# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf")
3) rsyslog-server-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: rsyslog
namespace: poc
spec:
replicas: 1
selector:
matchLabels:
app: rsyslog
template:
metadata:
labels:
app: rsyslog
spec:
containers:
- name: rsyslog
image: myrepo/image1
volumeMounts:
- name: config-volume
mountPath: /etc/rsyslog.conf
subPath: rsyslog.conf
- name: log-volume
mountPath: /var/log
volumes:
- name: config-volume
configMap:
name: rsyslog-config
- name: log-volume
emptyDir: {}
4) configmap
apiVersion: v1
kind: ConfigMap
metadata:
name: rsyslog-config
namespace: gcs-logging-poc
data:
rsyslog.conf: |
# Rsyslog configuration
module(load="imuxsock") # For listening to the system log socket
module(load="imklog") # For kernel logging
module(load="imtcp") # For TCP reception
module(load="imudp") # For UDP reception
module(load="imfile" PollingInterval="10") # Module to read log files
*.* action(type="omfile" file="/var/log/containers/*.log")
input(type="imtcp" port="514")
input(type="imfile"
File="/var/log/containers/*.log"
Tag="dynamic-log"
StateFile="dynamic-state"
Severity="info"
Facility="local0")
input(type="imfile"
File="/var/log/containers/*.log" # Watch all container logs
)
5) service.yaml
apiVersion: v1
kind: Service
metadata:
name: rsyslog
namespace: poc
spec:
selector:
app: rsyslog
ports:
- protocol: TCP
port: 514
targetPort: 514
Errors after deploying in k8s =
rsyslogd 8.2312.0: running as pid 1, enabling container-specific
defaults, press ctl-c to terminate rsyslog
│
│ rsyslogd: error during parsing file /etc/rsyslog.conf, on or before
line 17: parameter 'statefile' deprecated but accepted, consider
removing or replacing it [v8.2312.0 │
│ rsyslogd: error during parsing file /etc/rsyslog.conf, on or before
line 23: parameter 'tag' required but not specified - fix config
[v8.2312.0 try https://www.rsyslog.c │
│ rsyslogd: imudp: module loaded, but no listeners defined - no input
will be gathered [v8.2312.0 try https://www.rsyslog.com/e/2212 ]
│
│ rsyslogd: imfile: no working or state file directory set, imfile
will create state files in the current working directory (probably the
root dir). Use global(workDirecto │
│ rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not
permitted.
│
│ rsyslogd: activation of module imklog failed [v8.2312.0 try
https://www.rsyslog.com/e/2145 ]
Any thoughts on how to fix this issue? Thanks.
Regards,
Amey.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
