directing logs to remote syslog with any local syslog instance

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

directing logs to remote syslog with any local syslog instance

zhong ming wu
Hello,
I had successfully used postfix for years and now I am trying to recreate postfix clusters in docker and in particular interested in how I can direct all postfix logs from a container to other places.

I do not find in postfix configuration how one can achieve this without any local syslog daemon.  Can someone please confirm that it's not possible to capture postfix logs without the assistance of any local syslog daemon?    If so, can I put a feature request to be able to adjust which syslog server postfix logs to as well as ability for postfix to log to stdout/stderr.  the spirit of the docker container is that one is supposed to have only one software running in it and it will be nice if we do not have to maintain any syslog instance in the container.  My plan is to run syslog in another container and have postfix send all logs there.
Thanks
mr wu
Reply | Threaded
Open this post in threaded view
|

Re: directing logs to remote syslog with any local syslog instance

Wietse Venema
zhong ming wu:
> Hello,
> I had successfully used postfix for years and now I am trying to recreate
> postfix clusters in docker and in particular interested in how I can direct
> all postfix logs from a container to other places.
>
> I do not find in postfix configuration how one can achieve this without any
> local syslog daemon.

Syslog is a hard library dependency for Postfix. Why can't dockerd
provide a syslog forwarder, just like it already provides a stdout
and stderr forwarder? That would also help with other daemons that
rely on syslog to avoid app-specific logfiles.

Options:

- Configure the syslog library destination, if your syslog
  library has such an option.

- Link Postfix with a syslog library that can be configured to send
  to a different destination.

- Configure a local syslog server to forward the logging without
  writing it to file.

> If so, can I put a feature request to be able to adjust which syslog server
> postfix logs to as well as ability for postfix to log to stdout/stderr.

Stdout/stderr logging may not be a good idea for a production mail
server. How would one separate records that are written concurrently?
Note that stderr is not buffered, i.e. one byte per write(2) call.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: directing logs to remote syslog with any local syslog instance

Bill Cole-3
In reply to this post by zhong ming wu
On 29 Oct 2017, at 17:22 (-0400), zhong ming wu wrote:

> Hello,
> I had successfully used postfix for years and now I am trying to
> recreate
> postfix clusters in docker and in particular interested in how I can
> direct
> all postfix logs from a container to other places.
>
> I do not find in postfix configuration how one can achieve this
> without any
> local syslog daemon.  Can someone please confirm that it's not
> possible to
> capture postfix logs without the assistance of any local syslog
> daemon?
> If so, can I put a feature request to be able to adjust which syslog
> server
> postfix logs to as well as ability for postfix to log to
> stdout/stderr.
> the spirit of the docker container is that one is supposed to have
> only one
> software running in it and it will be nice if we do not have to
> maintain
> any syslog instance in the container.  My plan is to run syslog in
> another
> container and have postfix send all logs there.
> Thanks
> mr wu

Using the Docker "syslog" log-driver you can direct syslog messages from
a container to an arbitrary IP & port number.

See https://docs.docker.com/engine/admin/logging/syslog/#usage


--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
Reply | Threaded
Open this post in threaded view
|

Re: directing logs to remote syslog with any local syslog instance

Wietse Venema
In reply to this post by Wietse Venema
Wietse Venema:

> zhong ming wu:
> > Hello,
> > I had successfully used postfix for years and now I am trying to recreate
> > postfix clusters in docker and in particular interested in how I can direct
> > all postfix logs from a container to other places.
> >
> > I do not find in postfix configuration how one can achieve this without any
> > local syslog daemon.
>
> Syslog is a hard library dependency for Postfix. Why can't dockerd
> provide a syslog forwarder, just like it already provides a stdout
> and stderr forwarder? That would also help with other daemons that
> rely on syslog to avoid app-specific logfiles.

A search for 'container syslog' turned up some results.  Apparently,
this can be done by mounting the host's logging sockets inside a
container.

Example:
https://www.projectatomic.io/blog/2016/10/playing-with-docker-logging/

        Wietse

> Options:
>
> - Configure the syslog library destination, if your syslog
>   library has such an option.
>
> - Link Postfix with a syslog library that can be configured to send
>   to a different destination.
>
> - Configure a local syslog server to forward the logging without
>   writing it to file.
>
> > If so, can I put a feature request to be able to adjust which syslog server
> > postfix logs to as well as ability for postfix to log to stdout/stderr.
>
> Stdout/stderr logging may not be a good idea for a production mail
> server. How would one separate records that are written concurrently?
> Note that stderr is not buffered, i.e. one byte per write(2) call.
>
> Wietse
>
Reply | Threaded
Open this post in threaded view
|

Re: directing logs to remote syslog with any local syslog instance

zhong ming wu


On Mon, Oct 30, 2017 at 8:45 AM, Wietse Venema <[hidden email]> wrote:
Wietse Venema:
> zhong ming wu:
> > Hello,
> > I had successfully used postfix for years and now I am trying to recreate
> > postfix clusters in docker and in particular interested in how I can direct
> > all postfix logs from a container to other places.
> >
> > I do not find in postfix configuration how one can achieve this without any
> > local syslog daemon.
>
> Syslog is a hard library dependency for Postfix. Why can't dockerd
> provide a syslog forwarder, just like it already provides a stdout
> and stderr forwarder? That would also help with other daemons that
> rely on syslog to avoid app-specific logfiles.

A search for 'container syslog' turned up some results.  Apparently,
this can be done by mounting the host's logging sockets inside a
container.

Example:
https://www.projectatomic.io/blog/2016/10/playing-with-docker-logging/



Great find!  It works well except it's not so simple to distinguish the logs between host mail log and container mail logs!   postfix is relying on the syslog daemon to add hostname information.

 
        Wietse

> Options:
>
> - Configure the syslog library destination, if your syslog
>   library has such an option.
>
> - Link Postfix with a syslog library that can be configured to send
>   to a different destination.
>
> - Configure a local syslog server to forward the logging without
>   writing it to file.
>
> > If so, can I put a feature request to be able to adjust which syslog server
> > postfix logs to as well as ability for postfix to log to stdout/stderr.
>
> Stdout/stderr logging may not be a good idea for a production mail
> server. How would one separate records that are written concurrently?
> Note that stderr is not buffered, i.e. one byte per write(2) call.
>
>       Wietse
>

Reply | Threaded
Open this post in threaded view
|

Re: directing logs to remote syslog with any local syslog instance

Wietse Venema
zhong ming wu:

> On Mon, Oct 30, 2017 at 8:45 AM, Wietse Venema <[hidden email]> wrote:
>
> > Wietse Venema:
> > > zhong ming wu:
> > > > Hello,
> > > > I had successfully used postfix for years and now I am trying to
> > recreate
> > > > postfix clusters in docker and in particular interested in how I can
> > direct
> > > > all postfix logs from a container to other places.
> > > >
> > > > I do not find in postfix configuration how one can achieve this
> > without any
> > > > local syslog daemon.
> > >
> > > Syslog is a hard library dependency for Postfix. Why can't dockerd
> > > provide a syslog forwarder, just like it already provides a stdout
> > > and stderr forwarder? That would also help with other daemons that
> > > rely on syslog to avoid app-specific logfiles.
> >
> > A search for 'container syslog' turned up some results.  Apparently,
> > this can be done by mounting the host's logging sockets inside a
> > container.
> >
> > Example:
> > https://www.projectatomic.io/blog/2016/10/playing-with-docker-logging/
>
> Great find!  It works well except it's not so simple to distinguish the
> logs between host mail log and container mail logs!   postfix is relying on
> the syslog daemon to add hostname information.

You can configure in main.cf:

    syslog_name = $myhostname/postfix (default=postfix)

This takes effect after reading main.cf. Errors that happen earlier
will be logged as "syslog_name = postfix".

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: directing logs to remote syslog with any local syslog instance

zhong ming wu


On Tue, Oct 31, 2017 at 7:35 AM, Wietse Venema <[hidden email]> wrote:
zhong ming wu:
> On Mon, Oct 30, 2017 at 8:45 AM, Wietse Venema <[hidden email]> wrote:
>
> > Wietse Venema:
> > > zhong ming wu:
> > > > Hello,
> > > > I had successfully used postfix for years and now I am trying to
> > recreate
> > > > postfix clusters in docker and in particular interested in how I can
> > direct
> > > > all postfix logs from a container to other places.
> > > >
> > > > I do not find in postfix configuration how one can achieve this
> > without any
> > > > local syslog daemon.
> > >
> > > Syslog is a hard library dependency for Postfix. Why can't dockerd
> > > provide a syslog forwarder, just like it already provides a stdout
> > > and stderr forwarder? That would also help with other daemons that
> > > rely on syslog to avoid app-specific logfiles.
> >
> > A search for 'container syslog' turned up some results.  Apparently,
> > this can be done by mounting the host's logging sockets inside a
> > container.
> >
> > Example:
> > https://www.projectatomic.io/blog/2016/10/playing-with-docker-logging/
>
> Great find!  It works well except it's not so simple to distinguish the
> logs between host mail log and container mail logs!   postfix is relying on
> the syslog daemon to add hostname information.

You can configure in main.cf:

    syslog_name = $myhostname/postfix (default=postfix)

This takes effect after reading main.cf. Errors that happen earlier
will be logged as "syslog_name = postfix".


This works perfectly!  Thank you


 
        Wietse