Enhance the logging rules so that filtering can be performed on log message content #144

Open
plkokanov opened this issue Jul 22, 2024 · 2 comments
Labels
area/ipcei IPCEI (Important Project of Common European Interest) kind/enhancement Enhancement, improvement, extension lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/4 Priority (lower number equals higher priority)

Comments

plkokanov commented Jul 22, 2024

How to categorize this issue?

/kind enhancement

What would you like to be added:
Add a field in the rsyslogRelpConfig.loggingRules that allows filtering based on message content. The filters should allow for either excluding or including messages based on their content via regular expressions. This could be done by adding regex and exclude fields which should be pointers to strings and marked as optional. Below is an example of what the new API would look like:

apiVersion: rsyslog-relp.extensions.gardener.cloud/v1alpha1
kind: RsyslogRelpConfig
target: localhost
port: 1520
loggingRules:
- severity: 6
  programNames: ["kubelet"]
  messageContent:
    regex: "some message content"
    exclude: "some other message content"

To implement the regular expression, the following RainerScript functions could be used in the rsyslog config: re_match_i() for a case-insensitive match or re_match() for a case-sensitive match.

This would result in the following rsyslog config:

if $programname == ["kubelet"] and $syslogseverity <= 6 and re_match($msg, 'some message content') == 1 and re_match($msg, 'some other message content') == 0 then {
  call relp_action_ruleset
  stop
}

This means that messageContent include and exclude directives are and-ed when they are part of the same loggingRule. A subsequent loggingRule could contain the same programNames and same severity but different messageContent fields resulting in an or operation - this is because loggingRules[] are checked in-order.

Currently the loggingRules[].severity field is always required. However, we could change that and make at least one of severity, programNames or messageContent be required.

Why is this needed:
Currently, the shoot-rsyslog-relp extension only allows for logs to be filtered based on the program name (that generated them) and their severity. However, this is not enough as sometimes users might want to further fine-tune the filtering based on the message content of the logs.
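
The rendering proposed in the issue above, as an added Go sketch that is not part of the original issue or the extension's code: it and-s the conditions of one rule, requires at least one of severity, programNames or messageContent, and refuses values that would close the quoted string they are interpolated into. The `LoggingRule` type (with messageContent flattened into `Regex` and `Exclude`), `breaksQuoting` and `RenderRule` are hypothetical names, and rejecting such values instead of escaping them is this example's own conservative choice.

```go
package main

import (
	"fmt"
	"strings"
)

// LoggingRule is a hypothetical, flattened form of the proposed API fields.
type LoggingRule struct {
	Severity       *int
	ProgramNames   []string
	Regex, Exclude *string // messageContent.regex and messageContent.exclude
}

// breaksQuoting reports whether s could end a quoted RainerScript string early.
func breaksQuoting(s string) bool {
	trailing := len(s) - len(strings.TrimRight(s, `\`))
	return strings.ContainsAny(s, "'\"\r\n\x00") || trailing%2 == 1
}

// RenderRule and-s all conditions of one rule; unsafe values are rejected, not escaped.
func RenderRule(r LoggingRule) (string, error) {
	var conds []string
	vals := append([]string{}, r.ProgramNames...)
	if len(r.ProgramNames) > 0 {
		conds = append(conds, `$programname == ["`+strings.Join(r.ProgramNames, `", "`)+`"]`)
	}
	if r.Severity != nil {
		conds = append(conds, fmt.Sprintf("$syslogseverity <= %d", *r.Severity))
	}
	for i, p := range []*string{r.Regex, r.Exclude} { // regex must match (1), exclude must not (0)
		if p != nil {
			vals = append(vals, *p)
			conds = append(conds, fmt.Sprintf("re_match($msg, '%s') == %d", *p, 1-i))
		}
	}
	for _, v := range vals {
		if breaksQuoting(v) {
			return "", fmt.Errorf("value %q cannot be embedded in a quoted string", v)
		}
	}
	if len(conds) == 0 {
		return "", fmt.Errorf("one of severity, programNames or messageContent is required")
	}
	return "if " + strings.Join(conds, " and ") + " then {\n  call relp_action_ruleset\n  stop\n}\n", nil
}

func main() {
	fmt.Println(RenderRule(LoggingRule{ProgramNames: []string{"kubelet"}}))
}
```

Rendering each loggingRule in list order with this function gives the or-across-rules behaviour the issue describes, since every block ends in `stop`.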

@gardener-prow gardener-prow bot added the kind/enhancement Enhancement, improvement, extension label Jul 22, 2024
@JordanJordanov JordanJordanov added area/ipcei IPCEI (Important Project of Common European Interest) priority/4 Priority (lower number equals higher priority) labels Aug 7, 2024
@gardener-ci-robot

The Gardener project currently lacks enough active contributors to adequately respond to all issues.
This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Mark this issue as rotten with /lifecycle rotten
  • Close this issue with /close

/lifecycle stale

@gardener-prow gardener-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 5, 2024
@gardener-ci-robot

The Gardener project currently lacks enough active contributors to adequately respond to all issues.
This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close

/lifecycle rotten

@gardener-prow gardener-prow bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Dec 5, 2024