Configuration

Configuration

collectorforkubernetes-syslog.yaml

To find server version of your Kubernetes cluster use

$ kubectl version

Match the server version with one of the links below. If you are using version, which is not in this list you can try the closest version.

If you are using version, which is not on the list, please email us contact@outcoldsolutions.com

Kubernetes 1.14.x, 1.15.x, 1.16.x, 1.17.x
Kubernetes 1.10.x, 1.11.x, 1.12.x, 1.13.x
Kubernetes 1.9.x
- Using DaemonSet version API apps/v1
Kubernetes 1.8.x
- Using DaemonSet apps/v1beta2
- Using ClusterRole and ClusterRoleBinding version API rbac.authorization.k8s.io/v1
Kubernetes 1.7.x
Kubernetes 1.6.x
- Added ClusterRole and ClusterRoleBinding (to be able to access Kubernetes API with service account)
Kubernetes 1.5.x
- Note: not all dashboard work in Monitoring Kubernetes application, but collector forwards logs, metrics for containers and processes.

Created Kubernetes Objects

Configuration file collectorforkubernetes-syslog.yaml creates several Kubernetes Objects.

Namespace collectorforkubernetes-syslog.
ClusterRole collectorforkubernetes-syslog with limited capabilities to get, list and watch deployed objects. Collector uses this information to enrich logs and stats with kubernetes specific metadata.
ServiceAccount collectorforkubernetes-syslog is used to connect to Kubernetes API.
ClusterRoleBinding collectorforkubernetes-syslog to bind service account to cluster role.
ConfigMap collectorforkubernetes-syslog delivers configuration files for collector.
DaemonSet collectorforkubernetes-syslog allows to deploy collector on none-master nodes.
DaemonSet collectorforkubernetes-syslog-master allows to deploy collector on master nodes.
Deployment collectorforkubernetes-syslog-addon is a single collector, that needs to forward data from the whole cluster once.

Read commentaries in collectorforkubernetes-syslog.yaml file to get more deep details on all configurations and source of the logs and metrics.

Links

Installation
- Forwarding container logs, application logs, host logs and audit logs
- Test our solution with the embedded 30 days evaluation license.
Collector Configuration (Kubernetes)
- Collector configuration reference for Kubernetes clusters.
Collector Configuration (OpenShift)
- Collector configuration reference for OpenShift clusters.
Annotations
- Changing type and format of messages forwarded from namespaces, workloads and pods.
- Forwarding application logs.
- Multi-line container logs.
- Fields extraction for application and container logs (including timestamp extractions).
- Hiding sensitive data, stripping terminal escape codes and colors.
Audit Logs
- Configure audit logs.
- Forwarding audit logs.
Troubleshooting
FAQ and the common questions
License agreement
Pricing
Contact

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer certified Splunk applications, which give you insights across all containers environments. We are helping businesses reduce complexity related to logging and monitoring by providing easy-to-use and deploy solutions for Linux and Windows containers. We deliver applications, which help developers monitor their applications and operators to keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer one solution to help you keep all the metrics and logs in one place, allowing you to quickly address complex questions on container performance.

Forwarding Kubernetes logs to QRadar - Version 5

Configuration

collectorforkubernetes-syslog.yaml

Created Kubernetes Objects

Links

About Outcold Solutions