I see the following in the Cloud Foundry document Service-Specific Instructions for Streaming Application Logs:

> Logentries is Not Supported
>
> Cloud Foundry distributes log messages over multiple servers in order to handle load. Currently, we do not recommend using Logentries as it does not support multiple syslog sources.

and I guess it points to the Logentries feature Plaintext TCP/UDP input types.

So how about Logentries Token-based TCP input? E.g., configure the provided token for each log message sent to STDOUT or STDERR from the application or Cloud Foundry. If this works, how do I set it up?

shawnzhu
  • Just found this idea on ibm-bluemix.uservoice.com: http://ibm-bluemix.uservoice.com/forums/311383-ibm-bluemix-ideas/suggestions/10126482-add-service-for-logentries-syslog-drain Hope anyone suffering from this can vote for it. – shawnzhu Oct 08 '15 at 16:06

3 Answers

You can use almost any endpoint for the loggregator drain. It just needs to be HTTPS (a POST request), syslog, or syslog-tls. Cloud Foundry does not support any other endpoints right now.

The way the Cloud Foundry loggregator drain works is that it needs a specific endpoint to point to in order to dump the logs. It does not work with multiple drain endpoints.

I would shoot an email to the cf-dev distro and see what would be required to submit a PR for this....

Jeff Sloyer
  • I understand the point of your answer but it is not about multiple endpoints. E.g., Logentries provides a single endpoint via plain TCP/UDP like `syslog://api.logentries.com:xxxxx` for apps run via Cloud Foundry and it works. The key problem is that Logentries requires ONE IP address but Cloud Foundry _may_ send logs from multiple IP addresses. My question can be simplified to "how to customize the syslog message format of Cloud Foundry app logs over the `cf` command"? – shawnzhu Sep 13 '15 at 21:28
  • You can log to any syslog, syslog-tls, or https endpoint. I guess I'm confused what your issue is – Jeff Sloyer Sep 14 '15 at 10:52
  • I guess the simple answer is no, Cloud Foundry itself doesn't have such a feature to customize the syslog message format to include an app-specific token to drain logs to Logentries, so Bluemix doesn't have this feature either. – shawnzhu Sep 15 '15 at 02:58
  • Yes, you are correct, the format that comes out you cannot customize. – Jeff Sloyer Sep 15 '15 at 02:59
  • Does the data hub allow us to add annotations to the log? If so, you could add the same tag to logs from the multiple sources and then they can be correlated using that. – Arun Ramakrishnan Sep 30 '15 at 18:21
I have implemented application-based logging from a Node.js app running in Bluemix in the following way.

  1. Integrated the Winston logging library first so that we would get the ability to use the "transports" that have been developed for various logging and monitoring services, in addition to the basic file and console destinations.
  2. Used the le_node library from LogEntries as a Winston transport. As part of the configuration of the transport you specify a LogEntries token.

```javascript
winston.add(winston.transports.Logentries, { token: myToken });
```

Since the token can be specific to your application, LogEntries can aggregate the logs coming from different instances.

  • Yes, it works for logs from application space. But it won't work for logs in `STDOUT` of the Cloud Foundry app, which provides more info I need, like the access log from the Cloud Foundry router. – shawnzhu Sep 21 '15 at 15:24
It sounds like you were trying to use port-based syslog forwarding, which locks onto one IP address. Instead, you can use a syslog forwarder in combination with token forwarding to send your logs to us. You receive one token for one log, and if you want to route your logs to different logs/log sets, you'll have to manage multiple tokens in your config file.

Here are some documents you will find helpful: https://logentries.com/doc/input-token/3 https://blog.logentries.com/2014/01/how-to-send-log-data-via-a-proxy-server-using-rsyslog/2

Albert
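
The token forwarding described in this answer, as an added example that is not part of the original answer or any Logentries code: a Node.js relay that accepts syslog lines from any number of source addresses and prefixes each line with one token before sending it upstream. Newline-delimited framing, a TLS-capable upstream, and the names `createTokenFramer` and `startRelay` are assumptions; the token and upstream host/port are placeholders.

```javascript
// Added example: stamp one Logentries token onto syslog lines from many sources.
// Assumptions (not from the page): newline-delimited framing; the token and the
// upstream host/port are placeholders to be taken from the Logentries account.
const MAX_LINE = 8192; // bound line length so one sender cannot exhaust memory

// Returns a per-connection function: feed it raw chunks, get back the complete
// lines, each prefixed with the token. A partial last line waits for its "\n".
function createTokenFramer(token) {
  // Whitespace or a newline in the token would corrupt every forwarded record.
  if (typeof token !== 'string' || !/^\S+$/.test(token)) {
    throw new Error('token must be a non-empty string without whitespace');
  }
  const decoder = new TextDecoder('utf-8'); // stream mode keeps split UTF-8 intact
  let pending = '';
  return function feed(chunk) {
    pending += decoder.decode(chunk, { stream: true });
    const lines = pending.split('\n');
    pending = lines.pop().slice(0, MAX_LINE); // keep the unterminated tail
    return lines
      .map((line) => line.replace(/\r$/, '').slice(0, MAX_LINE))
      .filter((line) => line.length > 0)
      .map((line) => `${token} ${line}\n`);
  };
}

// Accepts plain syslog on listenPort and forwards token-prefixed lines over TLS,
// since the token is a credential: anyone holding it can write into the log.
function startRelay({ token, listenPort, upstreamHost, upstreamPort }) {
  const net = require('node:net');
  const tls = require('node:tls');
  const upstream = tls.connect({ host: upstreamHost, port: upstreamPort });
  upstream.on('error', (err) => console.error('upstream error:', err.message));
  const server = net.createServer((client) => {
    const feed = createTokenFramer(token); // one framer per source connection
    client.on('data', (chunk) => {
      for (const line of feed(chunk)) upstream.write(line);
    });
    client.on('error', () => client.destroy());
  });
  return server.listen(listenPort);
}
```

Because each source connection gets its own framer, records arriving from several sender addresses are never spliced together mid-line before the token is applied.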