问题描述

我的应用程序将发送syslog local0消息.当我将应用程序移至docker时，我发现很难显示syslog.

My application will send out syslog local0 messages.When I move my application into docker, I found it is difficult to show the syslog.

我试图以--log-dirver作为syslog或日记方式运行docker，两者都工作异常，当我尝试运行时，/var/log/local0.log显示Docker容器的控制台输出而不是我的应用程序的syslog该命令在容器内

I've tried to run docker as --log-dirver as syslog or journald, both works strange, the /var/log/local0.log show console output of docker container instead of my application's syslog when I try to run this command inside container

logger -p local0.info -t a message

因此，我尝试在docker容器中安装syslog-ng.外部docker框是Arch Linux(内核4.14.8 + systemctl).Docker容器以CentOS 6的身份运行.如果我在容器中安装syslog-ng并启动它，它将显示以下消息.

So, I try to install syslog-ng inside the docker container.The outside docker box is Arch Linux (kernel 4.14.8 + systemctl).The docker container is running as CentOS 6. If I install syslog-ng inside the container and start it, it shows following message.

# yum install -y syslog-ng  # this will install syslog-ng 3.2.5
# /etc/init.d/syslog-ng start
Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'
Starting syslog-ng: Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'
Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)'
Error initializing source driver; source='s_sys', id='s_sys#0'
Error initializing message pipeline;

推荐答案

CentOS 6 :

1.

Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql' 
Starting syslog-ng: Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'

您可以通过安装syslog-ng-libdbi软件包来解决上述错误:

You can fix above error by installing syslog-ng-libdbi package:

yum install -y syslog-ng-libdbi

2.

Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)'
Error initializing source driver; source='s_sys', id='s_sys#0'
Error initializing message pipeline;

由于syslog-ng对内核消息没有直接访问权限，因此您需要在其配置中禁用(注释):

Since syslog-ng doesn't have direct access on the kernel messages, you need to disable (comment) that in its configuration:

sed -i 's|file ("/proc/kmsg"|#file ("/proc/kmsg"|g' /etc/syslog-ng/syslog-ng.conf

CentOS 7:

1.

Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)'

system()源处于默认配置.此源自动读取特定于平台的源，如果内核为3.5版或更高版本，则在Linux上读取/dev/kmsg.因此，我们需要在配置文件中禁用(注释)system()源:

The system() source is in default configuration. This source reads platform-specific sources automatically, and reads /dev/kmsg on Linux if the kernel is version 3.5 or newer. So, we need to disable (comment) system() source in configuration file:

sed -i 's/system()/# system()/g' /etc/syslog-ng/syslog-ng.conf

2..当我们在前台模式syslog-ng -F中启动它时，会得到以下信息:

2. When we start it in foreground mode syslog-ng -F we get the following:

# syslog-ng -F
syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'

因此，我们需要以root用户身份运行syslog-ng，而无需功能支持:

So, we need to run syslog-ng as root, without capability-support:

syslog-ng --no-caps -F

这篇关于如何让syslog在docker中可行?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！