this post was submitted on 07 Jan 2025
19 points (88.0% liked)


Ok so I've been having a problem with logging for a while now. I use a centralized logging platform (Seq) to try and aggregate the logs of the containers I run but most of the log messages come through as errors. This is because the containers would stream their output to stderr and even though it's formatted it comes as one big error message.

Example:

[2025-01-06 18:17:23] INFO Registering with TVA backend, encode Job status: available

That's all one big error message I receive even though it's an INFO message. And every container is different. Their error message is formatted differently, some go to stdout instead of stderr, some actually work.

Is there a piece of software that I can run that will intercept these messages and convert them to GELF?

Thanks

top 15 comments
[–] oji 4 points 1 week ago
[–] [email protected] 4 points 1 week ago (1 children)
[–] [email protected] 2 points 1 week ago

Oh this looks promising.

[–] [email protected] 2 points 1 week ago

Seq is expecting structured logs which yours aren’t. So you want to either convert your app's logs into a structured format (which is generally hard for a random third-party application) or use a log collector that's fine with non-structured logs (e.g. Loki+grafana don’t care about the shape of your logs and you can format the output while querying).

[–] vegetaaaaaaa 1 points 1 week ago
  • simple: rsyslog: all local logs to a central syslog file (using the imfile module), all syslogs from all servers to a central rsyslog server (over TCP/SSL, example here). Use lnav or something similar to consume the logs
  • more complex, resource-heavy: Graylog Open as a replacement for the central rsyslog server, set up pipelines/alerts/whatever... Currently considering replacing my Graylog instance with Wazuh but I don't know yet if it will be able to replace it completely for me
[–] [email protected] 1 points 1 week ago (1 children)

I'm not sure about your exact ask, I'd probably head towards setting up logstash and elasticsearch. It might be overkill for your needs though.

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago) (1 children)

I'm not clear in the post I guess so I'll try to be more clear here.

  • I'm using Seq for my centralized logging.
  • The logs I get from most of my containers are not in GELF format. I cannot change that unless I change how logging works in all the programs I use. So I'll need to edit every source code and compile or ask each project to update their logging and output to GELF.
  • They are all shown as errors or info. It depends on the container because some send their logging info to stderr and some to stdout.
  • I'm looking for something that can intercept those logs from my other containers, format them to GELF, and send the formatted logs to Seq.
[–] [email protected] 4 points 1 week ago (1 children)

No I get what you're asking for I'm just mentioning that sometimes it's easier to use an application that can read multiple formats than it is to try to finagle everything back into one format.

[–] [email protected] 1 points 1 week ago (1 children)

Yeah but the thing is I have it set up to read the logs being sent out from my Docker containers. Even though I've set the containers to output using the GELF driver they don't really do that. The log messages my containers send are not in GELF format so I have to find a way to fix that.

[–] [email protected] 1 points 1 week ago

Best of luck with it, logging's always a severe pain in the ass.

[–] beerclue 1 points 1 week ago

For live monitoring (not offline!), maybe dozzle can help?

[–] [email protected] 0 points 1 week ago (1 children)

Generally no, there is no one piece of software that can magically handle the quirks of each other piece of software. If there is, someone is making a lot of money by selling it.

If you want to handle your uncommon output formats, you'll need to define them in your log processor.

[–] [email protected] 1 points 1 week ago

Well I can get the logs in Seq. I don't know how to process the logs that come in so they are at the right level, timestamp, message, etc. Guess I'll look into it tomorrow...
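
An added example, not code from any poster or from Seq: a Python function that parses the bracketed line format quoted in the original post into a GELF 1.1 message, taking the level from the line's own text instead of from the stream it arrived on. The function name, the `_stream` and `_parsed` fields, the UTC assumption and the fallback levels are assumptions, and the second sample line is constructed.

```python
import json
import re
from datetime import datetime, timezone

# Syslog severities, which is what GELF's "level" field carries.
SYSLOG_LEVEL = {"DEBUG": 7, "INFO": 6, "NOTICE": 5, "WARN": 4, "WARNING": 4,
                "ERROR": 3, "CRITICAL": 2, "FATAL": 2}

# "[YYYY-MM-DD HH:MM:SS] LEVEL message", the layout shown in the post.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]\s+"
    r"(?P<level>[A-Za-z]+)\s+(?P<msg>.+)$")


def to_gelf(line, host, stream, received_at):
    """Return a GELF 1.1 dict for one raw log line, or None if it is blank."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return None  # GELF requires a non-empty short_message
    m = LINE_RE.match(line)
    if m and m.group("level").upper() in SYSLOG_LEVEL:
        # Assumption: the container writes its timestamps in UTC.
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc).timestamp()
        level = SYSLOG_LEVEL[m.group("level").upper()]
        msg, parsed = m.group("msg"), 1
    else:
        # Unknown layout: keep the whole line and flag it, never drop it.
        ts = received_at
        level = 3 if stream == "stderr" else 6
        msg, parsed = line, 0
    return {"version": "1.1", "host": host, "short_message": msg,
            "timestamp": ts, "level": level,
            "_stream": stream,   # original stream, kept for later filtering
            "_parsed": parsed}   # 0 marks lines that still need a pattern


if __name__ == "__main__":
    samples = [  # first line is from the post, second is constructed
        "[2025-01-06 18:17:23] INFO Registering with TVA backend, "
        "encode Job status: available",
        "worker crashed without a timestamp prefix",
    ]
    for raw in samples:
        print(json.dumps(to_gelf(raw, "encoder", "stderr", 1736187500.0)))
```

Each container format needs its own pattern; searching the collector for `_parsed` equal to 0 shows which lines are still arriving with a stream-derived level.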

[–] just_another_person -1 points 1 week ago (1 children)

https://docs.datalust.co/docs/collecting-docker-container-logs

You have a formatting issue. Solve for that instead of just switching to something else hoping it will get better.

[–] [email protected] 2 points 1 week ago

I've done that. I don't have a formatting issue. The containers I'm trying to get logs from have a formatting issue. They don't stream their logs in GELF. I am getting the logs but I can't change the formatting that they send me unless I mess with the code itself.