TechQA.

How to access logs logged in journald using fluent-bit that's inside a docker container

5.4k views Asked by At

I'm using docker-compose.yml that launches my services. All services look something like this:

A-service:
    image: A-service
    restart: always
    network_mode: host
    logging:
      driver: journald
      options: 
        tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"


fluent-bit:
  image: 'bitnami/fluent-bit:latest'
  restart: always
  network_mode: host
  command: /fluent-bit/bin/fluent-bit -c /fluent-bit/etc/fluent-bit.conf
  volumes:
    - ./service/config/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
    - type: bind
      source: /run/log
      target: /run/log

When I run journalctl -e -f -u docker I see all the logs being logged just fine. The problem I'm having is that my fluent-bit container seems to be unable to get any data when collecting from systemd:

fluent-bit.conf:
[SERVICE]
    Flush        5
    Daemon       Off
    Log_Level    debug

[INPUT]
    Name            systemd
    Tag             *


[OUTPUT]
    Name   stdout
    Match  *

I figured that it might be because it's in container and can't reach the logs location, but binding directory /run/log:/run/log had no effect.

So my question would be: Can fluent-bit reach systemd and read journal when it is inside container? If yes - how can I achieve that?

docker logging systemd fluent-bit
Original Q&A
1

There are 1 answers

0
Simas Paškauskas On BEST ANSWER

After even more research I stumbled acros this thread: https://github.com/fluent/fluent-bit/issues/497

Long story short:

  1. you need to run fluent-bit container as root, since accessing the journal requires root permission
  2. set the machine id in docker to the same as in your root machine
  3. bind /run/log/journal:/run/log/journal

so:

fluent-bit:
      image: 'bitnami/fluent-bit:latest'
      restart: always
      user: root
      network_mode: host
      command: /fluent-bit/bin/fluent-bit -c /fluent-bit/etc/fluent-bit.conf
      volumes:
        - ./service/config/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
        - /etc/machine-id:/etc/machine-id:ro
        - /run/log/journal:/run/log/journal

Then, in fluent-bit.conf you need edit the INPUT path:

[INPUT]
    Name            systemd
    Tag             *
    Path            /run/log/journal
    Systemd_Filter    _SYSTEMD_UNIT=docker.service
    Systemd_Filter    _SYSTEMD_UNIT=kubelet.service

Related Questions in DOCKER

Related Questions in LOGGING

Related Questions in SYSTEMD

Related Questions in FLUENT-BIT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions