New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add logger configuration for json output #2222
Comments
Not sure what issue you had with parsing these messages with a regex as it seems pretty straight forward to me (even with the IKE name/ID being optional, it seems quite easy to parse). Note that depending on your use case, there are already structured log messages available via vici protocol. And charon-systemd's journal logger also logs these elements separately. What's your use case anyway?
I guess it would be possible to write the messages in a more structured way to files. Note that your example isn't JSON at all, though. That would look more like this (changed some of the properties to what we use in the vici logger):
However, there are some potential issues. One is that JSON doesn't support multi-line strings, so newlines in log messages would either have to be escaped as Another possible issue is that logging each log message as a JSON object wouldn't result in a valid JSON file. We could theoretically start the file with |
Hello @tobiasbrunner thanks for answering and also starting to think about this feature request. This means, that we have nothing running except charon-systemd and sleep to keep the container running. Therefore, logging to stderr fits perfectly to ingest all log messages to our central grafana loki instance. In loki we then split the message to label according to a regex. And as you said, this was pretty much straight forward. The only drawback is that the regex syntax to split the message to labels is such beautiful in loki as:
You might get the point ;) Where as the json should be automatically splitted to labels. We might now see this as an argument to reconsider our logging environment. I also know the ELK stack a bit for the same purpose, where json is also a better fit for kibana visualization. And the system can automatically derive labels from the json keys. Samke applies to loki. I don't know how likely you currently use " and multiline strings in logging, but I agree this is a point to take into considaration as well. This might complicate the implementation. The idea is not having a valid json file as output, but log each line/message as json object. |
What about systemd? Or are you running that daemon without systemd?
Maybe you could bind mount the journal socket (e.g.
|
Hello,
we're running strongswan in a container on Kubernetes.
We log to stderr and ingest those logs to a centralized system. According to our log configuration, the lines currently look like
"2024-04-25T06:14:35 06[IKE1] <az|3> received DELETE for ESP CHILD_SA with SPI 6ec3571d"
My personal perception is, that this format is not very parser friendly, although we managed to create a regex that fits the majority of messages.
Would it be possible to add a more verbose jsonFormat output, configurable from the Logger Configuration?
E.g.
charon.filelog..json_output no| yes
that results in log messages like:
{time:"2024-04-25T06:14:35", thread:"06", system:"IKE", loglevel:1, ikename:"az", ikeid:3, msg:"received DELETE for ESP CHILD_SA with SPI 6ec3571d"}
Thanks for taking this into considaration.
The text was updated successfully, but these errors were encountered: