aboutsummaryrefslogtreecommitdiff
path: root/logging/fluentd/kubernetes.conf
diff options
context:
space:
mode:
Diffstat (limited to 'logging/fluentd/kubernetes.conf')
-rw-r--r--logging/fluentd/kubernetes.conf201
1 files changed, 201 insertions, 0 deletions
diff --git a/logging/fluentd/kubernetes.conf b/logging/fluentd/kubernetes.conf
new file mode 100644
index 0000000..78465d3
--- /dev/null
+++ b/logging/fluentd/kubernetes.conf
@@ -0,0 +1,201 @@
+# FIXED
+
+<match fluent.**>
+ @type null
+</match>
+
+<source>
+ @type tail
+ @id in_tail_container_logs
+ path /var/log/containers/*.log
+ exclude_path ["/var/log/containers/fluentd*"]
+ pos_file /var/log/fluentd-containers.log.pos
+ tag kubernetes.*
+ read_from_head true
+ <parse>
+ @type multi_format
+ <pattern>
+ format json
+ time_format %Y-%m-%dT%H:%M:%S.%NZ
+ </pattern>
+ <pattern>
+ format regexp
+ time_format %Y-%m-%dT%H:%M:%S.%N%:z
+ expression /^(?<time>.+) (?<stream>stdout|stderr) (?<partial_flag>[FP]) (?<log>.+)$/
+# expression /^(?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z) (?<output>\w+) (?<partial_flag>[FP]) (?<message>.+)$/
+ </pattern>
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_minion
+ path /var/log/salt/minion
+ pos_file /var/log/fluentd-salt.pos
+ tag salt
+ <parse>
+ @type regexp
+ expression /^(?<time>[^ ]* [^ ,]*)[^\[]*\[[^\]]*\]\[(?<severity>[^ \]]*) *\] (?<message>.*)$/
+ time_format %Y-%m-%d %H:%M:%S
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_startupscript
+ path /var/log/startupscript.log
+ pos_file /var/log/fluentd-startupscript.log.pos
+ tag startupscript
+ <parse>
+ @type syslog
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_docker
+ path /var/log/docker.log
+ pos_file /var/log/fluentd-docker.log.pos
+ tag docker
+ <parse>
+ @type regexp
+ expression /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_etcd
+ path /var/log/etcd.log
+ pos_file /var/log/fluentd-etcd.log.pos
+ tag etcd
+ <parse>
+ @type none
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_kubelet
+ multiline_flush_interval 5s
+ path /var/log/kubelet.log
+ pos_file /var/log/fluentd-kubelet.log.pos
+ tag kubelet
+ <parse>
+ @type kubernetes
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_kube_proxy
+ multiline_flush_interval 5s
+ path /var/log/kube-proxy.log
+ pos_file /var/log/fluentd-kube-proxy.log.pos
+ tag kube-proxy
+ <parse>
+ @type kubernetes
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_kube_apiserver
+ multiline_flush_interval 5s
+ path /var/log/kube-apiserver.log
+ pos_file /var/log/fluentd-kube-apiserver.log.pos
+ tag kube-apiserver
+ <parse>
+ @type kubernetes
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_kube_controller_manager
+ multiline_flush_interval 5s
+ path /var/log/kube-controller-manager.log
+ pos_file /var/log/fluentd-kube-controller-manager.log.pos
+ tag kube-controller-manager
+ <parse>
+ @type kubernetes
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_kube_scheduler
+ multiline_flush_interval 5s
+ path /var/log/kube-scheduler.log
+ pos_file /var/log/fluentd-kube-scheduler.log.pos
+ tag kube-scheduler
+ <parse>
+ @type kubernetes
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_rescheduler
+ multiline_flush_interval 5s
+ path /var/log/rescheduler.log
+ pos_file /var/log/fluentd-rescheduler.log.pos
+ tag rescheduler
+ <parse>
+ @type kubernetes
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_glbc
+ multiline_flush_interval 5s
+ path /var/log/glbc.log
+ pos_file /var/log/fluentd-glbc.log.pos
+ tag glbc
+ <parse>
+ @type kubernetes
+ </parse>
+</source>
+
+<source>
+ @type tail
+ @id in_tail_cluster_autoscaler
+ multiline_flush_interval 5s
+ path /var/log/cluster-autoscaler.log
+ pos_file /var/log/fluentd-cluster-autoscaler.log.pos
+ tag cluster-autoscaler
+ <parse>
+ @type kubernetes
+ </parse>
+</source>
+
+# Example:
+# 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="<self>" asgroups="<lookup>" namespace="default" uri="/api/v1/namespaces/default/pods"
+# 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200"
+<source>
+ @type tail
+ @id in_tail_kube_apiserver_audit
+ multiline_flush_interval 5s
+ path /var/log/kubernetes/kube-apiserver-audit.log
+ pos_file /var/log/kube-apiserver-audit.log.pos
+ tag kube-apiserver-audit
+ <parse>
+ @type multiline
+ format_firstline /^\S+\s+AUDIT:/
+ # Fields must be explicitly captured by name to be parsed into the record.
+ # Fields may not always be present, and order may change, so this just looks
+ # for a list of key="\"quoted\" value" pairs separated by spaces.
+ # Unknown fields are ignored.
+ # Note: We can't separate query/response lines as format1/format2 because
+ # they don't always come one after the other for a given query.
+ format1 /^(?<time>\S+) AUDIT:(?: (?:id="(?<id>(?:[^"\\]|\\.)*)"|ip="(?<ip>(?:[^"\\]|\\.)*)"|method="(?<method>(?:[^"\\]|\\.)*)"|user="(?<user>(?:[^"\\]|\\.)*)"|groups="(?<groups>(?:[^"\\]|\\.)*)"|as="(?<as>(?:[^"\\]|\\.)*)"|asgroups="(?<asgroups>(?:[^"\\]|\\.)*)"|namespace="(?<namespace>(?:[^"\\]|\\.)*)"|uri="(?<uri>(?:[^"\\]|\\.)*)"|response="(?<response>(?:[^"\\]|\\.)*)"|\w+="(?:[^"\\]|\\.)*"))*/
+ time_format %Y-%m-%dT%T.%L%Z
+ </parse>
+</source>
+
+<filter kubernetes.**>
+ @type kubernetes_metadata
+ @id filter_kube_metadata
+</filter>
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-05 12:49:05 +0000