The log collector is a daemon set that deploys pods to each {product-title} node to collect container and node logs.
By default, the log collector uses the following sources:
-
System and infrastructure logs generated by journald log messages from the operating system, the container runtime, and {product-title}.
-
/var/log/containers/*.logfor all container logs.
If you configure the log collector to collect audit logs, it collects them from /var/log/audit/audit.log.
The log collector collects the logs from these sources and forwards them internally or externally depending on your {logging} configuration.
Vector is a log collector offered as an alternative to Fluentd for the {logging}.
You can configure which logging collector type your cluster uses by modifying the ClusterLogging custom resource (CR) collection spec:
apiVersion: logging.openshift.io/v1
kind: ClusterLogging
metadata:
name: instance
namespace: openshift-logging
spec:
collection:
logs:
type: vector
vector: {}
# ...The container runtimes provide minimal information to identify the source of log messages: project, pod name, and container ID. This information is not sufficient to uniquely identify the source of the logs. If a pod with a given name and project is deleted before the log collector begins processing its logs, information from the API server, such as labels and annotations, might not be available. There might not be a way to distinguish the log messages from a similarly named pod and project or trace the logs to their source. This limitation means that log collection and normalization are considered best effort.
|
Important
|
The available container runtimes provide minimal information to identify the source of log messages and do not guarantee unique individual log messages or that these messages can be traced to their source. |