Any best practices to getting the fleet logs into ...
# kolides
Sal
09/29/2020, 5:29 PMAny best practices to getting the fleet logs into a file for logging? I'm running fleet in a docker container and i can view the logs with the docker log -f command. How can they be ported to a file on the local host? I tried starting the container with log-dirver: "syslog" but nothing. Is it a formatting issue?
s
sundsta
09/29/2020, 5:53 PMMost logging platforms have a way to monitor the stdout/stderr logs in your containers. The setup instructions will depend on what platform you’re using
s
Sal
09/29/2020, 6:32 PMThanks, the only option I have is to dump to syslog or a file.
s
seph
09/29/2020, 9:22 PM
I’m a little confused by the question. If fleet is in docker, than it can only write to files inside docker.
I don’t know much about docker log shipping
seph
09/29/2020, 9:22 PM
Are these fleet administrative logs, or osquery result logs?
s
Sal
09/29/2020, 11:32 PMThey are fleet logs, not results or status logs.
Sal
09/29/2020, 11:33 PMsimilar to
Copy code
level=info ts=2020-09-29T05:17:51.328659802Z component=service method=EnrollAgent ip_addr=10.124.237.153:34884 x_for_ip_addr= err="save enroll failed: inserting: Error 1205: Lock wait timeout exceeded; try restarting transaction" took=5m23.090762881s
level=info ts=2020-09-29T05:17:51.46834596Z component=service method=EnrollAgent ip_addr=10.124.237.148:38000 x_for_ip_addr= err="save enroll failed: inserting: Error 1205: Lock wait timeout exceeded; try restarting transaction" took=2m49.583970117ss
seph
09/30/2020, 2:56 AM
I’m pretty sure those go to stderr. How to capture and forward those is very init system dependent.
s
Sal
09/30/2020, 11:54 AMThanks @seph, i'll look into it further.
3 Views