https://github.com/osquery/osquery logo
#fleet

SK

02/01/2021, 10:43 AM
Hey guys, I was wondering how do you guys collect the logs from Fleet itself? Like from journalctl -u fleet.service? Do you send it to a log manager?

mikermcneil

02/02/2021, 3:40 AM
Is your goal to monitor for issues in the Fleet server? cc @Noah Talerman

SK

02/02/2021, 7:30 AM
@mikermcneil yes, that would be the idea. If you have different Fleet servers for load balancing, you would need to go to all individually to look at the logs. I was wondering if there was a way to centralize them.

Noah Talerman

02/02/2021, 3:44 PM
Hi @SK, Fleet provides documentation for monitoring Fleet and working with Fleet server metrics here: https://github.com/fleetdm/fleet/blob/master/docs/1-Using-Fleet/5-Monitoring-Fleet.md Please, let me know if your use case doesn’t fall under the provided information in these docs.

SK

02/02/2021, 7:20 PM
Hey @Noah Talerman we are already gathering these metrics, but I was thinking more like when you want to debug if a host is trying to connect, that you can easily look for the IP of that host in the logs. At this moment I would need to log in to each separate Fleet server and query the journalctl. I was wondering if the journal also writes to syslog or another log file.

Noah Talerman

02/03/2021, 4:03 PM
Ah I think I understand now. I don’t know the immediate answer to your question so I’ll bring your question up with the Fleet team today.
Hi @SK apologies for the delayed response. To answer your question on “how do you collect the logs from Fleet itself?”: People often use some kind of log aggregation tool for this so each Fleet server sends its logs to one central log manager. Some examples: Kubernetes has solutions for pulling logs into containers. AWS logs can go into a log manager called CloudWatch.

SK

02/08/2021, 5:10 PM
Hey @Noah Talerman thanks for your response. I do not have AWS or Kubernetes so will need to think of another on-prem solution. Does Fleet write its logs, similar to journalctl, to a file that maybe I don't know about?

Noah Talerman

02/08/2021, 5:49 PM
I believe Fleet doesn’t write its logs to a file. Verifying that answer now.
Update: Fleet writes server logs to stderr which can be written to a file. You can write stderr to a file by running this command in a Unix shell:
fleet serve 2> stderr.txt

SK

02/10/2021, 4:05 PM
Hey @Noah Talerman just figured out the logs are already written out to /var/log/daemon.log 🙄🤐 so no need for extra configuration. 😮 Maybe add this to the documentation for future reference.

Noah Talerman

02/10/2021, 5:00 PM
Ah! Thank you for letting me know. Are you sifting through multiple var/log/daemon.log files on each machine serving your Fleet instances?

SK

02/10/2021, 5:29 PM
Plan is to ship it over to a central log manager, now that I know where the logs are.