real-time logs delivery #4180
When it comes to compliance and audits, how are people capturing logs from the Bottlerocket host OS to send them to a remote destination (in real-time)? I'm interested, for now, in kubelet and auditd logs.
Hey @AndreiBanaruTakeda , thanks for asking! Have you had a chance to look at this blogpost? https://opensearch.org/blog/bottlerocket-k8s-fluent-bit/ It explains how to collect kubelet logs, but it could be extended to include any system logs you want since the logs are collected from the journal. It uses OpenSearch as the indexing tool but I think you can hook up whatever indexer fluentbit supports.
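For readers who want to see what "collect from the journal and extend it to other units" looks like in practice, here is an added Fluent Bit (classic-mode) configuration. It is an example written for this thread, not the linked blog post's configuration and not part of the Bottlerocket project. It assumes Fluent Bit runs as a DaemonSet with the host's `/var/log/journal` mounted read-only at the same path inside the pod, that the kubelet unit is named `kubelet.service` and kernel audit records reach journald with `_TRANSPORT=audit` (both worth confirming with `journalctl -o verbose` from the admin container on your AMI), and that `CLUSTER_NAME`, `NODE_NAME`, and the OpenSearch host and credentials are supplied as environment variables; the hostname and index name are placeholders.

```ini
# Added example: ship kubelet and audit journal entries from a Bottlerocket
# node to a remote OpenSearch endpoint. Not from the thread or the blog post.
# Assumed: host journal mounted at /var/log/journal inside the pod (read-only),
# unit name kubelet.service, audit records tagged _TRANSPORT=audit.

[SERVICE]
    Flush         1
    Log_Level     info
    Parsers_File  parsers.conf

[INPUT]
    Name                systemd
    Tag                 host.journal.*
    Path                /var/log/journal
    # Cursor DB must live on a writable path; the Bottlerocket root fs is read-only,
    # so this points at a writable volume inside the pod (assumed mount).
    DB                  /var/lib/fluent-bit/journal.db
    Read_From_Tail      On
    # Match either unit/transport below; Systemd_Filter_Type Or makes the
    # two filters additive instead of requiring both on one record.
    Systemd_Filter      _SYSTEMD_UNIT=kubelet.service
    Systemd_Filter      _TRANSPORT=audit
    Systemd_Filter_Type Or
    Strip_Underscores   On

[FILTER]
    # Stamp every record with where it came from so the remote index can be
    # searched per cluster/node during an audit.
    Name    record_modifier
    Match   host.journal.*
    Record  cluster ${CLUSTER_NAME}
    Record  node    ${NODE_NAME}

[OUTPUT]
    Name               opensearch
    Match              host.journal.*
    Host               opensearch.example.internal
    Port               9200
    Index              bottlerocket-host-logs
    tls                On
    tls.verify         On
    HTTP_User          ${OPENSEARCH_USER}
    HTTP_Passwd        ${OPENSEARCH_PASSWORD}
    Suppress_Type_Name On
```

Adding another host service is a matter of appending one more `Systemd_Filter _SYSTEMD_UNIT=<unit>` line under the `[INPUT]` block; `Read_From_Tail On` combined with the cursor `DB` means a restarted collector resumes where it left off rather than re-shipping the whole journal, which is what keeps the delivery close to real time without duplicating records at the indexer.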
Thanks @arnaldo2792
I did read that blogpost, although I overlooked the journald section, when he gets the kubelet events from it.
In the end I used the splunk-otel-collector; it worked out pretty well, pulling from journald.