My team has had some success with bundling lumberjack with our CF apps to ship logs/* to an external literary endpoint.
(eg. https://github.com/cityindex/logsearch-flowdock-bot/blob/master/start_lumberjack_shipper.rb)
We've been thinking of pulling this out into a separate "wrapper" buildpack like the multi-buildpack.
Does this technique sound of interest?
david, one potential hangup for something like this is that the DEA/warden currently only monitors a single PID in the warden container. so if something happens to lumberjack, then you wouldn't necessarily have that issue surface because the system would think your app is running fine. are you concerned about that at all?On Thu, Nov 28, 2013 at 2:45 PM, David Laing <da...@davidlaing.com> wrote:My team has had some success with bundling lumberjack with our CF apps to ship logs/* to an external literary endpoint.
(eg. https://github.com/cityindex/logsearch-flowdock-bot/blob/master/start_lumberjack_shipper.rb)
We've been thinking of pulling this out into a separate "wrapper" buildpack like the multi-buildpack.
Does this technique sound of interest?
On 28 Nov 2013 18:34, "Doug McClure" <dmcc...@gmail.com> wrote:Ivan - we should work internally on this. Our log analytic system will need similar to consume loggregator's syslog drains. We're considering some sort of loggregator2logstash component in the CF area to then send out to a centralized pool of logstash instances for mediation and routing to the ultimate endpoints. This is a simple starting point for us as we support both syslog and logstash.
Please ping me internally and we can chat on ideas and requirements. I'm pretty familiar with your side of things. We might benefit from working on a common component here.
Doug
On Thursday, November 28, 2013 1:07:18 AM UTC-5, Ivan wrote:
Hi,
Yeah, I would like to explain a bit for this. As you know, there are lots of analytic systems here and there, and not all of them support syslog protocol, I am thinking to have a logging dapter service there, which plays the role as a adapter between loggregator and logging analytic system. For the logging adapter srevices, it is deployed in the CF as applications.
Considering that, currently, loggregator will read the syslog_drain_url (accurately, dea-logging-agent does that) configurations and send the log messages to that url. For the syslog_drain_url, it is better to use the http://domain_name, as in case one of my logging node instance crashed, the logging pushing will still work (cf router will find another running instance for that). That is why I am wondering whether loggregator could support this kind of url. (adding the connection header and upgrade header, so router could do the load balance).
Thoughts ? Thanks.
On Thursday, November 28, 2013 1:20:56 PM UTC+8, James Bayer wrote:well tammer is correct that we have not documented the websocket api and consider it private. we built it for the CLI tail my logs use case. if there is a great use case to consider supporting it officially we'd like to know it.however, for your use case we recommend syslog using tcp as a push out of CF to your logging system. you can always setup something like logstash as this intermediate component, which can then forward to the system of your choice.i would not recommend accepting a PR without understanding the use case better for an HTTP post (why syslog over TCP can't be used as in the RFC specs) and understanding which type of HTTP API format could be used that would be at all generic to the logging domain and not be specific to a vendor tool or customization.
On Tue, Nov 26, 2013 at 1:16 AM, Ivan <xhh...@gmail.com> wrote:
Thanks, James,
One reason is that, per the previous thread [1], Tammer stated that ' However, we highly discourage direct connections to the websocket stream (it's not considered a public API). Draining your logs to a syslog compliant endpoint is the right way to go.', so I am not sure whether Cloud Foundry has changes the strategy for this ? IIUC, webscoket is not recommended ?
Another reason is that, I am hoping to create a logging service there, which will pull the logging records from loggregator and forward to other third-party storage system. If using webscoket way, it looks like I need to know the user name and password for the user applications, as
To unsubscribe from this group and stop receiving emails from it, send an email to vcap-dev+u...@cloudfoundry.org.
To unsubscribe from this group and stop receiving emails from it, send an email to vcap-dev+unsubscribe@cloudfoundry.org.
$ heroku drains:add https://logs.loggly.com/inputs/$$CUSTOMER_TOKEN$$/tag/$$TAG1,TAG2$$ --app $$HEROKU_APP_NAME$$[1] http://www.loggly.com/g1-support/logging-from-heroku/