Configure Streaming of Logs

Objective

This guide provides instructions on how to enable streaming of all system and application logs to an external log collection or monitoring system. This is so that you can analyze events and measure application performance while establishing correlation with respect to other systems of your organization.

Using the instructions provided in this guide, you can configure log streaming through fleet and enable the streaming of logs for the sites that are part of the fleet.


Prerequisites

  • A valid Volterra Account.

    Note: If you do not have an account, see Create a Volterra Account.

  • One or more Volterra sites.

    Note: See Site Management for information on site creation.

  • An external log collection or monitoring system reachable from the Volterra site.

    Note: Ensure that the hostname is resolved and reachable from your Volterra site.


Enable Streaming of Logs

The example shown in this guide sets up a syslog server in a docker container and creates a log receiver object in VoltConsole for the syslog server. This example shown creates log receiver as part of Volterra fleet configuration. However, you can also create a log receiver object individually and later can add it to a fleet.

Perform the following in VoltConsole:

Step 1: Start external log collection server.

This example starts a syslog server in docker container.

  • Start docker container for syslog and expose ports 514 and 601 for UDP and TCP connections respectively. Volterra uses these ports by default for streaming logs when log streaming is enabled.
docker run -it --rm -p 514:514/udp -p 601:601 --name syslog-ng balabit/syslog-ng:latest

Note: You can configure a log collection system of your choice. However, ensure that the host is reachable from your Volterra site from which logs are intended to be streamed.

  • Optionally, log into the container start displaying tail logs.
docker exec -it syslog-ng tail -f /var/log/messages
  • Ensure that the syslog host is resolved from the Volterra site. This example adds an entry in the /etc/hosts file on your site with the hostname resolution.
192.168.1.33 syslog.mydomain
Step 2: Start creating fleet.
  • Navigate to Manage -> Site Management -> Fleets and click Add fleet.

Note: You can also edit an existing fleet using the ... -> Edit option.

  • Enter a name for your fleet and enter a label string for the Fleet Label Value field.

Note: The fleet label field is not available for editing an existing fleet.

  • Go to Advanced Configuration and enable the Show Advanced Fields option.
  • Select Enable Logs Streaming option for the Logs Streaming field.
  • Click on the Enable Logs Streaming field and click Create new log receiver from the displayed options in the drop-down list. This starts a log receiver creation form.

Note: The drop-down list displays log receiver objects if those are already created. You can also select an existing log receiver. This example shows creating a new receiver.

fleet log en
Figure: Enabling Log Streaming in Fleet

Note: For detailed instructions on fleet configuration, see Create Fleet guide.

Step 3: Create a log receiver and apply it to fleet.
  • Enter a name for your log receiver and enter Fully Qualified Domain Name (FQDN) of your external log collection host in the Server name field.

log rec syslog
Figure: Log Receiver Creation

Note: The default port numbers for UDP and TCP are 541 and 601 respectively. System streams logs using these ports by default.

  • Click Continue to create the log receiver, apply it to fleet, and return to fleet configuration.
Step 4: Complete fleet creation.
  • Click Save and Exit in the fleet configuration to apply the log receiver and create or update the fleet. The sites that are part of this fleet start streaming logs to the external syslog server specified in the log receiver configuration.

Note: Apply the fleet label to your sites from which you want to stream logs to the syslog server. For instructions on adding sites to fleet, see Create Fleet guide.

  • Verify that the logs are streamed by logging into the docker container as shown in Step 1.

Concepts