I've recently put together a prototype external message filter for rsyslog that will annotate log messages originating in containers with metadata collected from Docker and/or Kubernetes.
https://github.com/larsks/mmcontainers On a system in which Docker is configured to use the journald logging driver, log message received by rsyslog include the CONTAINER_ID_FULL tag with the container id. We can use this to look up metadata in docker, and we can take advantage of labels added to containers by Kubernetes to look up pod labels and annotations as well. In order to process messages as rapidly as possible, the message filter itself does not interact with either the Docker or Kubernetes APIs. A separate process listen to event streams from these services and maintains a shared cache with this information. If you find this useful, I would be interested in your comments or questions. Cheers, -- Lars Kellogg-Stedman <[email protected]> _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
