Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1592

Add sub-categories for log types

    XMLWordPrintable

Details

    • Story
    • Resolution: Obsolete
    • Major
    • None
    • None
    • Log Collection
    • None
    • False
    • False
    • NEW
    • OBSDA-550 - Updated APIs for Logging 6.0
    • NEW
    • Undefined

    Description

      Use case

      As a user I want to

      • configure inputs by major log type [application, infrastructure, audit] and receive all logs of that type.
      • configure inputs with separte sub-categories of log type, for example: audit.k8s, audit.openshift, infrastructure.container

      As implementer of Loki forwarding  I need labels sets that identify individual log streams (files or containers)  to avoid out-of-order timestamps.

      • For container logs I can already do this via namespace+pod+container IDs.
      • For node logs I need to distinguish each separate stream, for example:  audit.k8s vs audit.openshift.

      Changes

      Add a log_type field of type string to the root of the log record data model.

      Implement log_type with the following values:

      • application: all application (non-infrastructure) containers.
      • infrastructure: Includes all infrastructure sub-categories
        • infrastructure.container: logs from containers in default, kube, openshift and openshift-* namespaces
        • infrastructure.node: system logs from the node.
      • audit: All audit logs
        • audit.linux: Linux audit log, per node.
        • audit.kubernetes: Kubernetes audit log, per node.
        • audit.openshift: Openshift audit log, per node..

      Note: currently infrastructure.node means the systemd journal of the node. If we need to include more node logs in future, we can further subdivide, e.g. infrastructure.node.journal infrastructure.node.syslog or whatever.

      Attachments

        Issue Links

          is related to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. LOG-1267 Implement Loki forwarder

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. LOG-1377 Support collecting audit logs from additional, platform related locations

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          Web Link Loki forwarder proposal, explains uniqueness issues.

          GitHub openshift/cluster-logging-operator#1096: LOG-1267: Loki output implementation.

          Activity

            People

              Unassigned Unassigned
              rhn-engineering-aconway Alan Conway
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: