project-lakitu/app-admin/stackdriver/files/logging_configs/fluentd-lakitu.conf - cos/overlays/board-overlays - Git at Google

 # Copyright 2018 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 <source>
   @type systemd
   filters [{ "_SYSTEMD_UNIT": "docker.service" }]
   <storage>
     @type local
     persistent true
     path /var/log/google-fluentd/docker.log.pos
   </storage>
   read_from_head true
   tag cos_docker
 </source>

 <source>
   @type systemd
   filters [
       {"_SYSTEMD_UNIT": [
           "docker-events-collector.service",
           "konlet-startup.service",
           "kubelet.service",
           "crash-reporter.service",
           "crash-sender.service",
           "crash-boot-collect.service",
           "kdump-load-kernel.service",
           "kdump-save-dump.service"]},
       {"SYSLOG_IDENTIFIER": "crash-sender.sh"}]
   <storage>
     @type local
     persistent true
     path /var/log/google-fluentd/system.log.pos
   </storage>
   read_from_head true
   tag cos_system
 </source>

 <source>
   @type systemd
   filters [{ "SYSLOG_IDENTIFIER": "audit" }]
   <storage>
     @type local
     persistent true
     path /var/log/google-fluentd/audit.log.pos
   </storage>
   read_from_head true
   tag cos_audit
 </source>

 # Collects all journal logs with priority >= warning
 # Change priority levels to make it more/less verbose.
 <source>
   @type systemd
   filters [{ "PRIORITY": ["0", "1", "2", "3", "4"] }]
   <storage>
     @type local
     persistent true
     path /var/log/google-fluentd/journal.pos
   </storage>
   read_from_head true
   tag cos_journal_warning
 </source>

 # Docker container logs (when not running Kubernetes).
 # This will collect logs from all containers using json file logging driver.
 # To query logs for specific container, use below filter on GCP logging:
 # jsonPayload.container_id=CONTAINER_ID
 <source>
   @type tail
   format json
   time_key time
   path /var/lib/docker/containers/*/*.log
   pos_file /var/log/google-fluentd/containers.log.pos
   time_format %Y-%m-%dT%H:%M:%S.%N%Z
   tag reform_containers.*
   read_from_head true
 </source>

 # Adds container_id field in container logs.
 <match reform_containers.**>
   @type record_reformer
   enable_ruby true
   <record>
     # tag_parts[] looks like:
     # ['reform_containers', 'var', 'lib', 'docker', 'containers', container_id]
     container_id ${tag_parts[5]}
     # Renames field 'log' to a more generic field 'message'. This way Stackdriver
     # will display the log message as the summary of the log entry.
     message ${record['log']}
   </record>
   tag cos_containers
   remove_keys log
 </match>

 # stackdriver-logging-agent handles sending logs to cloud logging.
 # See https://cloud.google.com/logging/docs/agent/installation#configure for more details.
	# Copyright 2018 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	<source>
	@type systemd
	filters [{ "_SYSTEMD_UNIT": "docker.service" }]
	<storage>
	@type local
	persistent true
	path /var/log/google-fluentd/docker.log.pos
	</storage>
	read_from_head true
	tag cos_docker
	</source>

	<source>
	@type systemd
	filters [
	{"_SYSTEMD_UNIT": [
	"docker-events-collector.service",
	"konlet-startup.service",
	"kubelet.service",
	"crash-reporter.service",
	"crash-sender.service",
	"crash-boot-collect.service",
	"kdump-load-kernel.service",
	"kdump-save-dump.service"]},
	{"SYSLOG_IDENTIFIER": "crash-sender.sh"}]
	<storage>
	@type local
	persistent true
	path /var/log/google-fluentd/system.log.pos
	</storage>
	read_from_head true
	tag cos_system
	</source>

	<source>
	@type systemd
	filters [{ "SYSLOG_IDENTIFIER": "audit" }]
	<storage>
	@type local
	persistent true
	path /var/log/google-fluentd/audit.log.pos
	</storage>
	read_from_head true
	tag cos_audit
	</source>

	# Collects all journal logs with priority >= warning
	# Change priority levels to make it more/less verbose.
	<source>
	@type systemd
	filters [{ "PRIORITY": ["0", "1", "2", "3", "4"] }]
	<storage>
	@type local
	persistent true
	path /var/log/google-fluentd/journal.pos
	</storage>
	read_from_head true
	tag cos_journal_warning
	</source>

	# Docker container logs (when not running Kubernetes).
	# This will collect logs from all containers using json file logging driver.
	# To query logs for specific container, use below filter on GCP logging:
	# jsonPayload.container_id=CONTAINER_ID
	<source>
	@type tail
	format json
	time_key time
	path /var/lib/docker/containers//.log
	pos_file /var/log/google-fluentd/containers.log.pos
	time_format %Y-%m-%dT%H:%M:%S.%N%Z
	tag reform_containers.*
	read_from_head true
	</source>

	# Adds container_id field in container logs.
	<match reform_containers.**>
	@type record_reformer
	enable_ruby true
	<record>
	# tag_parts[] looks like:
	# ['reform_containers', 'var', 'lib', 'docker', 'containers', container_id]
	container_id ${tag_parts[5]}
	# Renames field 'log' to a more generic field 'message'. This way Stackdriver
	# will display the log message as the summary of the log entry.
	message ${record['log']}
	</record>
	tag cos_containers
	remove_keys log
	</match>

	# stackdriver-logging-agent handles sending logs to cloud logging.
	# See https://cloud.google.com/logging/docs/agent/installation#configure for more details.