Syslog

You can configure Rancher to send Kubernetes logs to a Syslog server.

Configuring Syslog

You can configure Rancher to send cluster or project logs to Syslog.

Prerequisite: You must have a Syslog server configured.

  • Browse to the cluster or project that you want to log.

To Configure Cluster Logging:

If you’re a cluster owner or member who works in operations or security, configure cluster logging.

  • From the Global view, open the cluster that you want to configure logging for.

  • From the main menu, select Tools > Logging.

To Configure Project Logging:

If you’re a project owner or member who works on an application, configure project logging.

  • From the Global view, open the project that you want to configure logging for.

  • From the main menu, select Resources > Logging.

  • Select Syslog.

  • Complete the Syslog Configuration form.

    • From the Endpoint field, enter the IP address and port for your Syslog server. Additionally, select the protocol that your Syslog server uses from the drop-down.

    • From the Program field, enter the name of the application sending logs to your Syslog server (i.e., Rancher).

    • If you are using a cloud logging service (i.e., Sumologic), enter a Token that authenticates with your Syslog server. Use the cloud logging service to create this token.

    • Select a Log Severity for events that are logged to the Syslog server. For more information on each severity level, see the Syslog protocol documentation.

  • If your Syslog server uses TCP protocol, complete the SSL Configuration form.

    • Enter a private key and client certificate. Either copy and paste them or browse to them using Read from a file. This certificate will be installed on your logging server.

You can use either a self-signed certificate or one provided by a certificate authority.

You can generate a self-signed certificate using an openssl command. For example:

  1. openssl req -x509 -newkey rsa:2048 -keyout myservice.key -out myservice.cert -days 365 -nodes -subj "/CN=myservice.example.com"
  • If you are using a certificate from a certificate authority (and not a self-signed certificate), select the Enabled - Input trusted server certificate option and then enter your Trusted Server Certificate.

  • Complete the Additional Logging Configuration form.

    • Optional: Use the Add Field button to add custom log fields to your logging configuration. These fields are key value pairs (such as foo=bar) that you can use to filter the logs from another system.

      • Enter a Flush Interval. This value determines how often Fluentd flushes data to the logging server. Intervals are measured in seconds.
  • Click Save.

Result: Rancher is now configured to send logs to your Syslog server. View your Syslog stream to view logs for your cluster and containers.