Comments (17)
This question is a little vague perhaps. Can you be a little more specific?
I can just tell that the combination of fluentd
and file-log
seems a little off; I would expect you to use http-log
with a fluentd
instance/end point somewhere. That fluentd
is just a log forwarder is clear, right? You will need more components to get useful data out, like ElasticSearch and Kibana.
If you don't have expertise in running those kinds of systems, using an out of the box SaaS solution like Loggly or Galileo might be advisable.
/Martin
from wicked.haufe.io.
I meant the fluentd. I am working on a Ubuntu server with docker on an Azure VM, I have my td-agent downloaded, but i am not able to get it work with my kong. When I use a Curl kong command, it says cannot reach http:/kong:8001.
from wicked.haufe.io.
That curl http://kong:8001
does not work from the docker host is expected; kong
is a virtual DNS name inside the docker network, and it's not exposed to the outside (i.e. to the docker host). Neither would you ever expose the Kong Admin API Port without securing it to the outside world.
Can you describe what you are trying to accomplish? What is the result you expect or want?
from wicked.haufe.io.
I am trying to log my request and response of my wicked APIs
from wicked.haufe.io.
Elasticsearch and Kibana seems to be the option, but I am not sure how to go about it. Any help?
from wicked.haufe.io.
I haven't done this yet for wicked, as we are internally using our own GreyLog logging instance, so that I haven't had the need to do this yet. It is definitely on my todo list to write some documentation on how to do this, but I can give you some hints what has to be done now.
- There are (base) docker images for all three components, so you can combine them into their own
docker-compose.yml
file; - You will probably need to create a suitable configuration for fluentd, but simply forwarding to elasticsearch should work for starters, as the log format of http-log is JSON
- I would use a separate deployment for this, possibly to a different docker host
- Configure your APIs to use the
http-log
plugin and insert the end point your fluentd instance listens to as the receiving end
A sample (NOT suited for production) can be found in one of our github repositories:
https://github.com/Haufe-Lexware/docker-templates/tree/master/logaggregation
Things to get straight:
- You will not want to expose your logging port to the public (if possible); if you have to, secure it via SSL and possibly Basic Auth
- You should also secure the Kibana application in a suitable way, otherwise it'd be available to the public, which is most probably not desired.
from wicked.haufe.io.
Thanks Martin, I will try that out surely.
from wicked.haufe.io.
Hi Martin,
On this same topic, I have been trying to implement the http-log plugin with our published API. The goal is to send log data in json format to a listening http endpoint that can then be consumed by logstash/elastic or sent directly to a back-end database. Unfortunately I was not able to get this working. Below is the plugin configuration I have used:
[
{
"name": "http-log",
"config": {
"http_endpoint": "http://tes-secure.cloudapp.net:8081/log",
"method": "POST",
"timeout": "1000",
"keepalive": "1000"
}
}
]
where within my application I have an endpoint that accepts a POST to the url http://tes-secure.cloudapp.net:8081/log. However, this does not send any log data to the endpoint. I have tested using curl:
curl -X POST -d "type":"testing POST to url","value":"100" http://tes-secure.cloudapp.net:8081/log
and this does indeed send the enclosed json data to the endpoint. Am I missing some basic understanding here of how this should work?
Many thanks,
Aaron
from wicked.haufe.io.
I have done some testing, and for me it seems to work in principle. I can just guess on a couple of other things which may go wrong:
- Does the docker Host physically have access to your logging server?
- E.g., are the ports open for outbound traffic in Azure?
If you deployed to your Docker Host using your own machine, you can test this by doing the following:
$ docker ps
... # read out the container ID or NAME of the Kong instance
$ docker exec -it <ID or NAME> bash
[root@80c91ab31513 /]$ curl -X POST -d "testing=access" http://tes-secure.cloudapp.net:8081/log
Successful Post[root@80c91ab31513 /]$
If that does not succeed, you are having a connectivity issue from Kong to your logging "service". If that does succeed, we will have to look for other reasons.
from wicked.haufe.io.
Hi Martin,
Thanks for your response. The curl from the kong container was successful. I think you may be correct regarding the outbound rules with Azure. I have been on a support call with Microsoft separately regarding the exposure of say https://portal.thinkevolvesolve.ie and they are currently investigating why the rules we have are not working.
However, if the curl from the Linux VM is working this would suggest outbound rules are working, no?
Many thanks,
Aaron
from wicked.haufe.io.
Yes, the outbound rule seems to be working if the curl
works from within the container.
While you're in the Kong container, check /usr/local/kong/logs/error.log
, do you see anything suspicious there?
from wicked.haufe.io.
This gives back an empty file.
I have tested the http-log plugin on my laptop and it works - it's sends logging data to the endpoint - so this suggests that implementation on the Azure VM is where the error lies. Most likely as you have suggested due to in/outbound rule setting.
I will let you know whenever Microsoft resolve this to confirm the source of the error.
from wicked.haufe.io.
Perfect. Thanks. Any information which leads to others not running into this situation is appreciated.
from wicked.haufe.io.
@TESAARON: You wrote you had managed to set up an ELK stack for your wicked instance. Mind to share how you configured it?
from wicked.haufe.io.
Hi Martin,
Yes no problem. Here are the steps I followed to configure ELK (elastic, logstash, kibana) with the API portal.
- In Kickstarter, when configuring the API, use the Kong http plugin. This will look like the following:
[
{
"name": "http-log",
"config": {
"http_endpoint": "http://localhost.net:8081/log",
"method": "POST",
"timeout": "1000",
"keepalive": "1000"
}
}
] - In my API runtime I have a listener at http://localhost.net:8081/log that pushes the posted log to a MySQL database in the backend.
- Downloaded and unpack the following ELK stack in a directory i.e. 'elk_docker'
ELK.zip - Type the following commands:
$ cd path/to/elk_docker
$ docker-compose build
$ docker-compose up - This should build the elk container and start it running.
- If configured properly this will now listen for changes to the table: logging.tbl_api_log in the backend mysql database.
- Therefore any calls to the API will now:
(a) send a log report to the MySQL table (logging.tbl_api_log)
(b) elastic and logstash will listen for any new entries to this table
(c) kibana (accessible via localhost:5601) will visualize these logs. - For further information on the configured ELK stack refer to:
https://hub.docker.com/r/sebp/elk/
Regards,
Aaron
from wicked.haufe.io.
Thanks!
from wicked.haufe.io.
This is no longer really interesting to set up specifically for wicked. Wicked's containers all log to stdout, and thus you can ship off all logs for both the wicked and the kong containers to wherever you want.
It does not solve the analytics part, but that's still not a priority for wicked.
from wicked.haufe.io.
Related Issues (20)
- Installing custom plugins on Kong HOT 4
- SAML2 silent refresh (OAuth2 with &prompt=none) fails HOT 1
- Creating an app key (API Bundles) HOT 3
- Error building dev env on Windows HOT 14
- Refactoring build process: CLI should be part of repo, release node-sdk and CLI at release
- Kong headers HOT 1
- E-Mail validation link wrong in user profile (portal) HOT 1
- Isolate the Portal to use with my own Kong Deployment HOT 9
- Deployment on k3s not working (containerd runtime) HOT 5
- Admin cannot validate email from the user's profile view. HOT 2
- Typescript compile failing due to @types/node update HOT 1
- Portal loosing consumers HOT 4
- Kong adapter not updating the api-group column for previous subscriptions
- OpenID IdPs which do not support userinfo endpoint are not supported correctly
- Deployments are missing NodeSelectors and Tolerations HOT 1
- Cannot login inside the wicked portal with the initial user if the password is encrypted
- wicked-kong produces lots of error messages
- Response from Auth endpoints come as HTML instead of JSON
- Support TLS 1.2 for PostgreSQL DB connection
- Use Friendly Captcha as bot protection
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wicked.haufe.io.