Comments (2)

nblumhardt avatar nblumhardt commented on July 20, 2024

Thanks for the suggestion 👍

from seq-input-gelf.

ArwynFr avatar ArwynFr commented on July 20, 2024

Hey, I've made more tests on that topic and I came across an important piece of security information.

When configuring a docker container to use the gelf logging driver, the communication with the graylog endpoint comes from the docker engine (at host level) and not from inside the container. The same applies to docker swarms: logging is done by the node rather than the swarm. This has multiple consequences:

  • You can't access a sqelf container over an overlay network / using a container name, even if sqelf runs in docker
  • You don't need to attach your source containers to a common network with the sqelf container to allow logging
  • Your sqelf container must be accessible from the host level, which you can do by binding port 12201 to the host
  • Since the graylog protocol has no authentication feature, the sqelf container must not be accessible from the network

You'll probably end up binding --publish "127.0.0.1:12201:12201/udp"

This, purposely, can't be done on docker swarm services.

Swarm services are spread across multiple nodes and communicate on a virtual (overlay) network. You can't bind a swarm service to the lo interface, because if you were able to do so, the container would be unable to communicate with the rest of the swarm, and you can't tell which part of it is hosted on the same node and which part was moved to another one. This would, in turn, cause problems with the docker swarm load balancing features. Docker swarm services are forcibly bound to the overlay network, either internally with no access from the hosts, or publicly accessible from the world.

Solving this problem is actually very simple. The graylog endpoint has to be thought of as an infrastructure concern. Sqelf must not run on the docker swarm, which has to host only business services. You would just deploy a non-swarm docker stack to the local docker, with a lo port binding on a sqelf container. You would configure all your docker containers, including swarm services, to log with gelf towards udp://localhost:12201, which would point to your node's local sqelf instance. Whenever your container is moved across the swarm to another node, there would still be a locally accessible gelf instance listening on the same relative endpoint. The node's local gelf instance would then forward logs to your Seq ingress port using the local API key authentication. Each node could have a different API key, with custom filters, additional tags, etc.

On the other hand, whether or not you run Seq on the swarm is up to you; only sqelf has to be local.

The conclusion of all this is: you can't use sqelf with docker secrets (because secrets are a swarm feature).
Loading the API key from a file still is a nice feature I think.

from seq-input-gelf.
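The per-node layout described in the comment above, written out as two compose files; this is an added example, not configuration from the thread or from the sqelf project. It assumes the sqelf image is named datalust/sqelf and that it reads its Seq endpoint and API key from SEQ_ADDRESS and SEQ_API_KEY; the Seq URL and app image are placeholders.

```yaml
# ---- File 1: node-local sqelf stack, deployed with plain `docker compose up -d`
# ---- on EVERY node (never as a swarm service, so the lo binding is possible).
# Assumptions (not from the thread): image datalust/sqelf, env vars SEQ_ADDRESS / SEQ_API_KEY.
services:
  sqelf:
    image: datalust/sqelf
    restart: unless-stopped
    environment:
      SEQ_ADDRESS: "http://seq.example.internal:5341"   # placeholder Seq ingestion URL
      SEQ_API_KEY: "${SQELF_SEQ_API_KEY}"               # per-node key, supplied from the shell env
    ports:
      # GELF carries no authentication, so the listener is bound to loopback only:
      # the node's docker engine can reach it, nothing else on the network can.
      - "127.0.0.1:12201:12201/udp"
      # Weak setting for comparison: this publishes the unauthenticated GELF port
      # on all host interfaces. Do not use it.
      # - "12201:12201/udp"

# ---- File 2: any workload, plain container or swarm stack. The gelf driver runs
# ---- in the engine of the node hosting the task, so `localhost` here means the
# ---- node (and its local sqelf), not the container and not the overlay network.
services:
  app:
    image: my-app:latest        # placeholder application image
    logging:
      driver: gelf
      options:
        gelf-address: "udp://localhost:12201"
        tag: "{{.Name}}"        # lets sqelf/Seq distinguish sources on the same node
```

Because the GELF socket never leaves the host, the app service needs no shared network with sqelf, which matches the second bullet in the comment above.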
