Add support to forward containers output to splunk via hec connector #482

Open
dbloms opened this issue Jun 21, 2022 · 6 comments
Labels
help wanted Extra attention is needed rust Rust code related PR's and issues

Comments

@dbloms

dbloms commented Jun 21, 2022

We do currently use docker on Debian 11 and let the containers log on stdout through the Splunk logging driver (https://docs.docker.com/config/containers/logging/splunk/) via HEC (https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector) into Splunk.

In terms of docker-compose this gives us the possibility to configure Splunk logging on a per-deployment basis, which is very comfortable as well as independent of any central configuration.

We would like to move to Podman on RHEL8 servers. Everything works fine so far, but we didn't find a way to log stdout of the containers via the HEC interface into Splunk, as the currently available podman version 4 does not provide such a splunk logging driver.

Is there a solution on the part of Podman to log the output of the containers into Splunk?

If not, is it possible to commission a corresponding development against payment?

I opened a feature request in containers/conmon#340 and I was told to open the request in this repo.

@haircommander
Collaborator

Thanks for opening the issue! The team is going to start by focusing on adding support in podman for conmon-rs, as that will be a required first step. Once that's done, we can evaluate the work needed for this. In the meantime, anyone can chime in if they're interested in implementing this.

@haircommander haircommander added the help wanted Extra attention is needed label Jun 21, 2022
@chillout2k

We do also use the splunk logging driver in our docker deployments and we would be very pleased if podman/conmon would support it too. From my point of view this logging driver is an important feature to make podman a real drop-in replacement for docker in (splunk-specific) production environments.

Thanks in advance :)

@saschagrunert saschagrunert added the rust Rust code related PR's and issues label Jul 20, 2022
@saschagrunert saschagrunert changed the title adding support to forward containers output to splunk via hec connector Add support to forward containers output to splunk via hec connector Aug 2, 2022
@deeninetyone

Bumping this, as I'm also looking for a better solution than scraping the container logfiles. Is this still waiting on podman changes? Is there a ticket in the podman repo for that?

@haircommander
Collaborator

This still needs conmon-rs changes as well as podman changes. Still a lot of work to do here.

@mehdik2023

Raising this issue again, this really needs to be implemented or at least have some sort of workaround for it.

@saschagrunert
Member

@mehdik2023 thank you for the ping! Do you plan to contribute the feature? Right now it seems to be no real priority for the project, but we may raise it since multiple folks are looking forward to a solution right now.
