-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Elastic-Agent] [Docker] Discuss: accessing logs from different container #128
Comments
Pinging @elastic/ingest-management (Team:Ingest Management) |
/cc @ruflin @michalpristas @ph |
I don't think we are quite there yet with the Docker/Kubernetes story with Agent. This really comes down to dynamic configurations and the ability for Agent to interact directly with Docker and Kubernetes. |
This is the effort being tracked in elastic/beats#19225, yes? |
I understand. Thanks for responding! The reason why am I asking is because we'll need to somehow fetch logs from containers and wouldn't like to enforce a nasty workaround if there is a sophisticated method available. EDIT: There were few options on the table (rather quick wins, workarounds):
|
@ycombinator elastic/beats#19255 is the one. At the moment in 7.9 there is no sophisticated method. |
elastic/beats#19225 is part of the solution. @mtojek I assume we just beats, you solve this with autodiscovery? If you want all logs, I would assume the "old" trick around mounting volumes should still work? https://www.elastic.co/guide/en/beats/filebeat/master/running-on-docker.html#_volume_mounted_configuration It assumes the nginx logs are not stored inside the container but written to file by docker. |
Not sure if I follow your idea. The Elastic Agent runs as binary in a Docker container, together with filebeat and metricbeat. My question is: how can I expose directories with logs to these processes? According to what @blakerouse confirmed, there is no specific method, hence I'm asking for some official recommendation :) |
The way it is done today (see link I provided) is that the Container in which Filebeat is running (in your case the Agent), it mounts volumes from the Docker Host where these logs are stored. Now Filebeat (Agent) must be pointed to these directories with the logs and tail them. The above follows the assumption that you can the default json-file logging driver and nginx container writes to it (not the log file inside your container). I think I miss something on why what is possible with Filebeat should not be possible with Agent? |
Most likely that's possible, but I didn't measure performance here. I'm not sure if there were similar tests executed. I'm looking for the method which causes less problems, e.g. docker container restarts, suddenly unmounted volumes, missing permissions. There are couple of follow up questions: |
As this is a way we recommended for quite some time I would expect it to work fairly well. @exekias Perhaps you can chime in here? For your follow up questions:
|
Hi, Just move to elastic-agent with Fleet management. |
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
Hi all.
|
I'd like to ask for your recommendation for users that prefer to run Elastic Agent in the container (let's say due to security reasons).
Let's discuss the scenario:
The integrated product is nginx running in a container. It produces logs stored locally in the image and which are rotated. As the agent is running in a different container, it can't simply access produced logs.
What is your recommendation in this particular case? Should the user expose somehow log files? Mirror them?
Background -
I had an interesting talk with @ycombinator about possibilites and testing scenarios and it looks that we will both have to nail this problem (force agent to watch logs produced in a different container).
The text was updated successfully, but these errors were encountered: