Hi!
Another option is to use one of the output plugins of rsyslog.
In your case, the closest solution would be to use the fwd output plugin, where you send the container syslog entries to the host’s rsyslog service.
The rsyslog people have a post about this, at https://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/
For this to work, you would need to
- make the host’s rsyslog to listen on the
lxdbr0
interface.
- configure the containers to send their syslog to a remote rsyslog server, i.e. the host.
Note that there is also the option to designate a separate container as the rsyslog container, and have that collect all syslog messages.
Configure the rsyslog service to receive syslog messages over the network
To configure rsyslog
to receive syslog messages over the network, edit the file /etc/rsyslog.conf
and change the following from
# provides UDP syslog reception
# module(load="imudp")
# input(type="imudp" port="514")
to
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" server="10.10.10.1" port="514")
Finally, restart the rsyslog service for the changes to take effect.
sudo systemctl restart rsyslog
Configure the rsyslog service to send syslog messages over the network to some other rsyslog server
To change a container so that it sends its syslog
messages remotely over the network to another rsyslog service, you can use the built-in omfwd
rsyslog module as follows.
*.* action(type="omfwd" target="10.10.10.1" port="514" protocol="udp")
In any case, see the rsyslog post on this (https://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/) which talks about further configuration, using tcp
with or instead of udp
, keeping messages in case the rsyslog server is not responding and so on.
Finally, a last touch would be to setup cloud-init
configuration in your LXD container profile so that it configures automatically any newly created container to send the syslog messages to the server.