I want to send all application logs in a specific project to a SIEM environment using the syslog protocol in Red Hat OpenShift, for storing regulative logs on the SIEM and creating alarm rules on the SIEM. I also want to learn how this can be done on Kubernetes. I discovered that there is a pipeline mechanism for this need in OpenShift, but it doesn't work at the project level.
- logs.app - Container logs generated by user applications running in the cluster, except infrastructure container applications.
If I send all logs to the SIEM using this method, this configuration will cause unnecessary workload and unnecessary storage usage.
Reference:
https://docs.openshift.com/container-platform/4.5/logging/cluster-logging-external.html#cluster-logging-collector-log-forward-configure_cluster-logging-external
Questions:
How can we forward project specific app logs to an external syslog server for OpenShift?
How can we forward project specific app logs to an external syslog server for Kubernetes?
If there is a difference for external log forwarding configuration for Kubernetes or OpenShift, can you share more details?