You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using conmon with podman. Since some containerized applications don't have good logging support, I'm using journald to capture the logs from conmon. For longtime storage, I'm processing the logs using rsyslog.
What's my issue?
Although conmon exported the container name and tags into journld, these details aren't part of the syslog export. It's impossible to filter out by container name. So rsyslog has to use the imjournal module, which makes all the tags available - but with way trouble in performance.
Jun 6 20:00:00 debian conmon[12975]: 2021-06-06 20:00:00.000 UTC [2] LOG: database system is shut down
What might be a possible solution?
Allow configuring the syslog message.
Jun 6 20:00:00 debian conmon[12975]: $CONTAINER-NAME 2021-06-06 20:00:00.000 UTC [2] LOG: database system is shut down
or
Jun 6 20:00:00 debian conmon-$CONTAINER-NAME[12975]: 2021-06-06 20:00:00.000 UTC [2] LOG: database system is shut down
etc.
The text was updated successfully, but these errors were encountered:
preface
I'm using conmon with podman. Since some containerized applications don't have good logging support, I'm using journald to capture the logs from conmon. For longtime storage, I'm processing the logs using rsyslog.
What's my issue?
Although conmon exported the container name and tags into journld, these details aren't part of the syslog export. It's impossible to filter out by container name. So rsyslog has to use the imjournal module, which makes all the tags available - but with way trouble in performance.
What might be a possible solution?
Allow configuring the syslog message.
or
etc.
The text was updated successfully, but these errors were encountered: