You can configure Rancher to send Kubernetes logs to a Syslog server.

Configuring Syslog

You can configure Rancher to send cluster or project logs to Syslog.

Prerequisite: You must have a Syslog server configured.

  1. Browse to the cluster or project that you want to log.

    If you’re a cluster owner or member who works in operations or security, configure cluster logging.

    1. From the Global view, open the cluster that you want to configure logging for.

    2. From the main menu, select Tools > Logging.

    If you’re a project owner or member who works on an application, configure project logging.

    1. From the Global view, open the project that you want to configure logging for.

    2. From the main menu, select Resources > Logging.

  2. Select Syslog.

  3. Complete the Syslog Configuration form.

    1. From the Endpoint field, enter the IP address and port for your Syslog server. Additionally, select the protocol that your Syslog server uses from the drop-down.

    2. From the Program field, enter the name of the application sending logs to your Syslog server (i.e., Rancher).

    3. If you are using a cloud logging service (i.e., Sumologic), enter a Token that authenticates with your Syslog server. Use the cloud logging service to create this token.

    4. Select a Log Severity for events that are logged to the Syslog server. For more information on each severity level, see the Syslog protocol documentation.

  4. If your Syslog server uses TCP protocol, complete the SSL Configuration form.

    1. Enter a private key and client certificate. Either copy and paste them or browse to them using Read from a file. This certificate will be installed on your logging server.

      You can use either a self-signed certificate or one provided by a certificate authority.

      You can generate a self-signed certificate using an openssl command. For example:

      openssl req -x509 -newkey rsa:2048 -keyout myservice.key -out myservice.cert -days 365 -nodes -subj "/CN=myservice.example.com"
      
    2. If you are using a certificate from a certificate authority (and not a self-signed certificate), select the Enabled - Input trusted server certificate option and then enter your Trusted Server Certificate.

  5. Complete the Additional Logging Configuration form.

    1. Optional: Use the Add Field button to add custom log fields to your logging configuration. These fields are key value pairs (such as foo=bar) that you can use to filter the logs from another system.

      1. Enter a Flush Interval. This value determines how often Fluentd flushes data to the logging server. Intervals are measured in seconds.
  6. Click Save.

Result: Rancher is now configured to send logs to your Syslog server. View your Syslog stream to view logs for your cluster and containers.