IBM Cloud Docs
Configuring the log files that are collected by the agent

Configuring the log files that are collected by the agent

When you deploy or upgrade the Logging agent, you can configure the logs-values.yaml file to include and exclude the set of logs to be processed by the agent. By default the agent will collect the logs from /var/log/containers/*.log and ignore /var/log/at/*.

After you modify the logs-values.yaml, you can Upgrade the agent or continue modifying the file before applying all the changes.

Configuring custom log files

The following additional variables can be provided to include and exclude the set of logs to be processed by the agent:

  • excludeLogSourcePaths: List of files that the agent is configured to ignore. The defailt value is set to ignore /var/log/at/*
  • selectedLogSourcePaths: List of files that the agent collects and sends to IBM Cloud Logs. The default value is set to /var/log/containers/*.log. You can define multiple paths by using a comma separated list, for example /var/log/abc/*.log,/var/log/xyz/*.log.

The entry in the logs-values.yaml file looks as follows:

# comma separated list, for example “/var/log/abc/*.log,/var/log/xyz/*.log”
excludeLogSourcePaths: ""
selectedLogSourcePaths: ""

Configuring system component logs

System component logs record events that happen in the cluster. There are two types of system components: system components that run in a container and system components directly involved in running containers. For example, the kubelet and container runtime do not run in containers. The Kubernetes scheduler, controller manager, and API server run within pods. If your cluster uses kube-proxy, you typically run this as a DaemonSet.

Use the systemLogs setting to enable the processing of system component logs that are located in the /var/log directory. System logs in /var/log/containers/ are collected automatically unless you exclude them in the excludeLogSourcePaths section.

The entry in the logs-values.yaml file looks as follows:

systemLogs:
  - /var/log/kube-apiserver.log. # Logs generated by the API server.
  - /var/log/kube-scheduler.log # Logs generated by the scheduler. This component is responsible for making scheduling decisions.
  - /var/log/kube-controller-manager.log # Logs generated by the Kube controller manager that runs most Kubernetes built-in controllers.
  - /var/log/kube-proxy.log  # Logs generated by the kube-proxy. This component is responsible for directing traffic to Service endpoints.
  - /var/log/kubelet.log  # Logs generated by the kubelet. This component is responsible for running containers on the node.
  - /var/log/syslog

By default, the kube_syslog parser is used.

Some of the classic Kubernetes clusters may require the systemLogsParser to be set to kube_syslog_classic in order to match the timestamp format on those systems. You can use the systemLogsParser option in order to consider a different parser. The entry in the logs-values.yaml file looks as follows:

systemLogsParser: "kube_syslog_classic"
systemLogs:
  - /var/log/syslog