如何将流利的位输入日志写入本地主机系统日志服务器

Posted

技术标签:

【中文标题】如何将流利的位输入日志写入本地主机系统日志服务器【英文标题】:How to write fluent bit input logs to localhost syslog server 【发布时间】:2021-09-20 15:56:17 【问题描述】:

我正在从 docker 容器化应用程序收集日志。我能够将日志带到 stdout 输出插件,但是当我尝试 syslog 输出插件时,它不会在 syslog 服务器上写入。 下面是配置文件。

[SERVICE]
    Parsers_File        /etc/td-agent-bit/parsers.conf

[INPUT]
    Name                forward

[Output]
    name                syslog
    match               *
    host                127.0.0.1
    port                514
    mode                udp
    syslog_format       rfc5424
    syslog_hostname_key hostname
    syslog_appname_key  appname
    syslog_procid_key   procid
    syslog_message_key  log

容器应用的日志属性设置为

logging:
  driver: fluentd
  options:
    fluentd-address: localhost:24224
    tag: logs

运行流畅位后/opt/td-agent-bit/bin/td-agent-bit -c fluent.conf

[2021/09/20 08:47:16] [ warn] [engine] failed to flush chunk '8481-1632152835.361162854.flb', retry in 7 seconds: task_id=0, input=forward.0 > output=syslog.0 (out_id=0)
[2021/09/20 08:47:23] [ warn] [engine] chunk '8481-1632152835.361162854.flb' cannot be retried: task_id=0, input=forward.0 > output=syslog.0
[2021/09/20 08:47:26] [ warn] [engine] failed to flush chunk '8481-1632152845.361118393.flb', retry in 6 seconds: task_id=0, input=forward.0 > output=syslog.0 (out_id=0)
[2021/09/20 08:47:32] [ warn] [engine] chunk '8481-1632152845.361118393.flb' cannot be retried: task_id=0, input=forward.0 > output=syslog.0
[2021/09/20 08:47:36] [ warn] [engine] failed to flush chunk '8481-1632152855.361556013.flb', retry in 8 seconds: task_id=0, input=forward.0 > output=syslog.0 (out_id=0)

谁能告诉这里出了什么问题?

即使对于简单的 cpu 输入插件 syslog 也不起作用。喜欢

/opt/td-agent-bit/bin/td-agent-bit -i cpu -o syslog

输出

[2021/09/20 08:53:43] [ info] [cmetrics] version=0.2.1
[2021/09/20 08:53:43] [ info] [output:syslog:syslog.0] setup done for 127.0.0.1:514
[2021/09/20 08:53:43] [ info] [sp] stream processor started
[2021/09/20 08:53:48] [ warn] [engine] failed to flush chunk '8765-1632153224.515974981.flb', retry in 10 seconds: task_id=0, input=cpu.0 > output=syslog.0 (out_id=0)
[2021/09/20 08:53:53] [ warn] [engine] failed to flush chunk '8765-1632153228.516869744.flb', retry in 6 seconds: task_id=1, input=cpu.0 > output=syslog.0 (out_id=0)
[2021/09/20 08:53:58] [ warn] [engine] chunk '8765-1632153224.515974981.flb' cannot be retried: task_id=0, input=cpu.0 > output=syslog.0

【问题讨论】:

【参考方案1】:

我遇到了类似的问题,因为 fluentbit pod 本身是 127.0.0.1。我创建了另一个 rsyslog pod 并使用它的 IP 从 fluentbit 获取日志。 https://artifacthub.io/packages/helm/rsyslog/rsyslog

【讨论】:

以上是关于如何将流利的位输入日志写入本地主机系统日志服务器的主要内容,如果未能解决你的问题,请参考以下文章

是否可以使用标准输出作为流利的源来捕获特定日志以写入弹性搜索?

如何将 PM2 日志写入 sumologic?

无法在本地主机(XAMPP)上打开 Laravel 日志(权限被拒绝)

如何写入猕猴桃系统日志服务器日志c#

询问流利的系统日志聚合器

Linux Centos7 日志文件详解