| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| <source> |
| @type systemd |
| filters [{ "_SYSTEMD_UNIT": "docker.service" }] |
| <storage> |
| @type local |
| persistent true |
| path /var/log/google-fluentd/docker.log.pos |
| </storage> |
| read_from_head true |
| tag cos_docker |
| </source> |
| |
| <source> |
| @type systemd |
| filters [ |
| {"_SYSTEMD_UNIT": [ |
| "docker-events-collector.service", |
| "konlet-startup.service", |
| "kubelet.service", |
| "crash-reporter.service", |
| "crash-sender.service", |
| "crash-boot-collect.service", |
| "kdump-load-kernel.service", |
| "kdump-save-dump.service"]}, |
| {"SYSLOG_IDENTIFIER": "crash-sender.sh"}] |
| <storage> |
| @type local |
| persistent true |
| path /var/log/google-fluentd/system.log.pos |
| </storage> |
| read_from_head true |
| tag cos_system |
| </source> |
| |
| <source> |
| @type systemd |
| filters [{ "SYSLOG_IDENTIFIER": "audit" }] |
| <storage> |
| @type local |
| persistent true |
| path /var/log/google-fluentd/audit.log.pos |
| </storage> |
| read_from_head true |
| tag cos_audit |
| </source> |
| |
| # Collects all journal logs with priority >= warning |
| # Change priority levels to make it more/less verbose. |
| <source> |
| @type systemd |
| filters [{ "PRIORITY": ["0", "1", "2", "3", "4"] }] |
| <storage> |
| @type local |
| persistent true |
| path /var/log/google-fluentd/journal.pos |
| </storage> |
| read_from_head true |
| tag cos_journal_warning |
| </source> |
| |
| # Docker container logs (when not running Kubernetes). |
| # This will collect logs from all containers using json file logging driver. |
| # To query logs for specific container, use below filter on GCP logging: |
| # jsonPayload.container_id=CONTAINER_ID |
| <source> |
| @type tail |
| format json |
| time_key time |
| path /var/lib/docker/containers/*/*.log |
| pos_file /var/log/google-fluentd/containers.log.pos |
| time_format %Y-%m-%dT%H:%M:%S.%N%Z |
| tag reform_containers.* |
| read_from_head true |
| </source> |
| |
| # Adds container_id field in container logs. |
| <match reform_containers.**> |
| @type record_reformer |
| enable_ruby true |
| <record> |
| # tag_parts[] looks like: |
| # ['reform_containers', 'var', 'lib', 'docker', 'containers', container_id] |
| container_id ${tag_parts[5]} |
| # Renames field 'log' to a more generic field 'message'. This way Stackdriver |
| # will display the log message as the summary of the log entry. |
| message ${record['log']} |
| </record> |
| tag cos_containers |
| remove_keys log |
| </match> |
| |
| # stackdriver-logging-agent handles sending logs to cloud logging. |
| # See https://cloud.google.com/logging/docs/agent/installation#configure for more details. |