-
Bug
-
Resolution: Done
-
Blocker
-
Logging 5.4.0
-
False
-
False
-
NEW
-
OBSDA-108 - Distribute an alternate Vector Log Collector
-
VERIFIED
-
-
Logging (Core) - Sprint 218
The openshift-apiserver ovn audit logs can not be collected. the directory /var/log/openshift-apiserver/audit.log and /var/log/ovn/audit.log are not in sources.
- Logs from containers (including openshift containers)
[sources.raw_container_logs] type = "kubernetes_logs" auto_partial_merge = true exclude_paths_glob_patterns = ["/var/log/pods/openshift-logging_collector-*/*/*.log", "/var/log/pods/openshift-logging_elasticsearch-*/*/*.log", "/var/log/pods/openshift-logging_kibana-*/*/*.log"] [sources.raw_journal_logs] type = "journald" Logs from host audit [sources.host_audit_logs] type = "file" ignore_older_secs = 600 include = ["/var/log/audit/audit.log"] Logs from kubernetes audit [sources.k8s_audit_logs] type = "file" ignore_older_secs = 600 include = ["/var/log/kube-apiserver/audit.log"] Logs from openshift audit [sources.openshift_audit_logs] type = "file" ignore_older_secs = 600 include = ["/var/log/oauth-apiserver.audit.log"]
Step to Reproduce:
1) Forward all logs to default ES
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
name: instance
namespace: openshift-logging
spec:
pipelines:
- name: all-to-defaultES
inputRefs:
- infrastructure
- application
- audit
outputRefs:
- default
2) check the vector.toml
oc extract secret/collector-config
Expected result:
The collector can gather logs under /var/log/openshift-apiserver/audit.log and /var/log/ovn/audit.log
