Read from auth.log file as a stream

Question

Read from auth.log file as a stream

acouvreur opened this issue 4 years ago · comments

Alexis Couvreur commented 4 years ago

Read from the auth.log file as a stream instead of having a TCP server and an RSyslog configuration

The Dockerfile will just need to map on the /var/log/auth.log file as read only.

This is good because in swarm mode it can be extended really easily to monitor all nodes.

Alexis Couvreur · Answer 1 · Wed May 20 2020 04:35:01 GMT+0800 (China Standard Time)

https://github.com/lucagrulla/node-tail seems to be good for this job

Erik Dasque · Answer 2 · Wed May 20 2020 23:26:44 GMT+0800 (China Standard Time)

Is that something you're looking to do, moving forward?

Alexis Couvreur · Answer 3 · Wed May 20 2020 23:49:11 GMT+0800 (China Standard Time)

It seems to be more consistent because it would only require a single docker run.

But it would remove the message extraction from RSyslog. Which means the parser will have to be a bit smarter. Maybe too much because the rsyslog conf may change the way the output are printed...

Alexis Couvreur · Answer 4 · Thu May 28 2020 02:58:46 GMT+0800 (China Standard Time)

Also prevents from missing because tcp failed
cannot connect to 127.0.0.1:7070: Connection refused [v8.1901.0 try https://www.rsyslog.com/e/2027 ]

Erik Dasque · Answer 5 · Tue Nov 03 2020 00:26:27 GMT+0800 (China Standard Time)

Abandoned?

Alexis Couvreur · Answer 6 · Tue Nov 03 2020 00:28:56 GMT+0800 (China Standard Time)

Abandoned?

It has no real benefits and it is working with the current solution. So I'll leave it that way :)