问题描述
我的应用程序将发送syslog local0消息.当我将应用程序移至docker时,我发现很难显示syslog.
My application will send out syslog local0 messages.When I move my application into docker, I found it is difficult to show the syslog.
我试图以--log-dirver作为syslog或日记方式运行docker,两者都工作异常,当我尝试运行时,/var/log/local0.log显示Docker容器的控制台输出而不是我的应用程序的syslog该命令在容器内
I've tried to run docker as --log-dirver as syslog or journald, both works strange, the /var/log/local0.log show console output of docker container instead of my application's syslog when I try to run this command inside container
logger -p local0.info -t a message
因此,我尝试在docker容器中安装syslog-ng.外部docker框是Arch Linux(内核4.14.8 + systemctl).Docker容器以CentOS 6的身份运行.如果我在容器中安装syslog-ng并启动它,它将显示以下消息.
So, I try to install syslog-ng inside the docker container.The outside docker box is Arch Linux (kernel 4.14.8 + systemctl).The docker container is running as CentOS 6. If I install syslog-ng inside the container and start it, it shows following message.
# yum install -y syslog-ng # this will install syslog-ng 3.2.5
# /etc/init.d/syslog-ng start
Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'
Starting syslog-ng: Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'
Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)'
Error initializing source driver; source='s_sys', id='s_sys#0'
Error initializing message pipeline;
推荐答案
CentOS 6 :
1.
Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'
Starting syslog-ng: Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'
您可以通过安装syslog-ng-libdbi
软件包来解决上述错误:
You can fix above error by installing syslog-ng-libdbi
package:
yum install -y syslog-ng-libdbi
2.
Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)'
Error initializing source driver; source='s_sys', id='s_sys#0'
Error initializing message pipeline;
由于syslog-ng
对内核消息没有直接访问权限,因此您需要在其配置中禁用(注释):
Since syslog-ng
doesn't have direct access on the kernel messages, you need to disable (comment) that in its configuration:
sed -i 's|file ("/proc/kmsg"|#file ("/proc/kmsg"|g' /etc/syslog-ng/syslog-ng.conf
CentOS 7:
1.
Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)'
system()
源处于默认配置.此源自动读取特定于平台的源,如果内核为3.5版或更高版本,则在Linux上读取/dev/kmsg
.因此,我们需要在配置文件中禁用(注释)system()
源:
The system()
source is in default configuration. This source reads platform-specific sources automatically, and reads /dev/kmsg
on Linux if the kernel is version 3.5 or newer. So, we need to disable (comment) system()
source in configuration file:
sed -i 's/system()/# system()/g' /etc/syslog-ng/syslog-ng.conf
2..当我们在前台模式syslog-ng -F
中启动它时,会得到以下信息:
2. When we start it in foreground mode syslog-ng -F
we get the following:
# syslog-ng -F
syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'
因此,我们需要以root用户身份运行syslog-ng
,而无需功能支持:
So, we need to run syslog-ng
as root, without capability-support:
syslog-ng --no-caps -F
这篇关于如何让syslog在docker中可行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!