Syslog Client Installation and Debugging Guide

apk update
apk add rsyslog

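# Forward all messages over UDP (single @); the selector and the action must be separated by whitespace
echo "*.* @172.17.0.x:514" >> /etc/rsyslog.conf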

rsyslogd -f /etc/rsyslog.conf -n

# Check with netstat -anut
# Check with ps aux that the process is running

Installing the syslog client

apk update
apk add rsyslog

Uncomment the following lines in /etc/rsyslog.conf so that they read as below:

# UDP Syslog Server:
$ModLoad imudp.so  # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514

Start the syslog daemon

rsyslogd -f /etc/rsyslog.conf -n

Check with ps aux that the process is running

DEBUG

If you receive logs like the following, it is working. If you set a label in docker-compose, values such as 59cdfaeb9cf1 should become the container name…

2018-12-15T09:31:39+00:00 59cdfaeb9cf1 rsyslogd: invalid or yet-unknown config file command 'UDPServerRun' - have you forgotten to load a module? [v8.34.0 try http://www.rsyslog.com/e/3003 ]
2018-12-15T09:31:39+00:00 59cdfaeb9cf1 rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
2018-12-15T09:31:39+00:00 59cdfaeb9cf1 rsyslogd: activation of module imklog.so failed [v8.34.0 try http://www.rsyslog.com/e/2145 ]
2018-12-15T09:31:39+00:00 59cdfaeb9cf1 rsyslogd:  [origin software="rsyslogd" swVersion="8.34.0" x-pid="154" x-info="http://www.rsyslog.com"] start
2018-12-15T09:34:27+00:00 59cdfaeb9cf1 sshd[174]: Server listening on 0.0.0.0 port 10002.
2018-12-15T09:34:44+00:00 59cdfaeb9cf1 sshd[175]: Failed password for guest22 from 172.17.0.3 port 50462 ssh2
2018-12-15T09:34:46+00:00 59cdfaeb9cf1 sshd[175]: Failed password for guest22 from 172.17.0.3 port 50462 ssh2
2018-12-15T09:34:51+00:00 59cdfaeb9cf1 sshd[175]: Accepted password for guest22 from 172.17.0.3 port 50462 ssh2
2018-12-15T09:35:54.847533+00:00 4f5950e4cd7f rsyslogd: -- MARK --
2018-12-15T09:39:33+00:00 59cdfaeb9cf1 sshd[177]: Received disconnect from 172.17.0.3 port 50462:11: disconnected by user
2018-12-15T09:39:33+00:00 59cdfaeb9cf1 sshd[177]: Disconnected from user guest22 172.17.0.3 port 50462
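
Once the receiver is collecting lines in this format, the sshd entries can be checked for a password login that succeeds right after failures. The following is an added example, not part of the original notes: it parses the receiver-side format shown above (timestamp, sending host, tag[pid]: message) using lines copied from the DEBUG output; the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the DEBUG output above.
SAMPLE = """\
2018-12-15T09:34:27+00:00 59cdfaeb9cf1 sshd[174]: Server listening on 0.0.0.0 port 10002.
2018-12-15T09:34:44+00:00 59cdfaeb9cf1 sshd[175]: Failed password for guest22 from 172.17.0.3 port 50462 ssh2
2018-12-15T09:34:46+00:00 59cdfaeb9cf1 sshd[175]: Failed password for guest22 from 172.17.0.3 port 50462 ssh2
2018-12-15T09:34:51+00:00 59cdfaeb9cf1 sshd[175]: Accepted password for guest22 from 172.17.0.3 port 50462 ssh2
2018-12-15T09:35:54.847533+00:00 4f5950e4cd7f rsyslogd: -- MARK --
2018-12-15T09:39:33+00:00 59cdfaeb9cf1 sshd[177]: Disconnected from user guest22 172.17.0.3 port 50462
"""

# timestamp, sending host, program tag with optional [pid], then the message
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

def parse(line):
    """Split one received line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def summarize_ssh_auth(lines):
    """Count sshd password results per (host, user, source IP) and flag
    an accepted login that follows at least one failure for the same key."""
    stats = defaultdict(
        lambda: {"failed": 0, "accepted": 0, "accepted_after_failure": False}
    )
    for line in lines:
        rec = parse(line)
        if rec is None or rec["tag"] != "sshd":
            continue
        m = AUTH_RE.match(rec["msg"])
        if m is None:
            continue
        entry = stats[(rec["host"], m["user"], m["src"])]
        if m["result"] == "Failed":
            entry["failed"] += 1
        else:
            entry["accepted"] += 1
            entry["accepted_after_failure"] = entry["failed"] > 0
    return dict(stats)

if __name__ == "__main__":
    for key, entry in summarize_ssh_auth(SAMPLE.splitlines()).items():
        print(key, entry)
```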