How to configure Kibana Docker to redirect Kibana logs to syslog


Currently, Kibana generates logs as plain text and outputs them to stdout. For our use case, we need to reformat Kibana logs in a different format, for which we need to send Kibana's container logs to a Syslog sidecar container, modify the Kibana logs there, and then output to stdout (since Kibana does not follow any standard logging format like log4j).

How can we configure Kibana to send its logs to Syslog? Is there any configuration that can be done in the Kibana Docker image?

Please help regarding this.

Thanks & Regards,

You're right, Kibana only supports two logging formats, JSON and plain text. The JSON format should be pretty flexible for consumption in other systems. I don't think there's a way to control where the logs from a Docker container are sent, but you can run programs which will pull the logs for a container from Docker... but that's all pretty far outside of my area of expertise.

Is there a larger goal here? Is the final goal to get the logs into log4j format so that someone can read them?

@spalger thanks for your response.
Yes, the goal here is to be able to convert Kibana logs to a standardized format so it is aligned with the Elasticsearch logging format (modified based on custom requirements).
To do that, I want to use a syslog sidecar as a converter that reads Kibana logs, converts them to the desired format, and then pushes them to stdout. Something like this.
Your thoughts?

Best Regards,

Well, my thoughts generally are that it's best to use something like filebeat to index the logs from ES and Kibana back into ES so that you can view them in Kibana from anywhere, search them, and analyze them like any other data in Kibana. With a process like this Kibana takes care of presenting the logs in a standard format.
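Added example, not part of the original thread and not Kibana or Elastic code: a stdin-to-stdout filter that performs the conversion step discussed above, turning Kibana JSON log lines into RFC 5424 syslog lines while escaping control characters so a logged value cannot forge extra log entries. The JSON field names (`@timestamp`, `tags`, `pid`, `message`), the `local0` facility, the `kibana` hostname and the function names are assumptions.

```python
import json
import re
import sys

# Assumptions (not from the thread): Kibana is set to JSON logging, each line
# is an object with "@timestamp", "tags", "pid" and "message" fields, and the
# target format is RFC 5424 with facility local0 (16).
FACILITY = 16
SEVERITY = {"fatal": 2, "error": 3, "warning": 4, "info": 6, "debug": 7}
CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Constructed sample line, for trying to_syslog() by hand.
SAMPLE = '{"type":"log","@timestamp":"2020-01-01T00:00:00Z","tags":["error"],"pid":7,"message":"boom"}'


def clean(value):
    """Escape control characters so one event can never span or forge lines."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), str(value))


def header_field(value, limit):
    """RFC 5424 header fields are printable ASCII without spaces; '-' if empty."""
    text = re.sub(r"[^\x21-\x7e]", "_", str(value))[:limit]
    return text or "-"


def to_syslog(line, hostname="kibana"):
    """Convert one Kibana JSON log line to a single RFC 5424 line."""
    try:
        event = json.loads(line)
        if not isinstance(event, dict):
            raise ValueError("not a JSON object")
    except ValueError:
        # Non-JSON output (banners, stack traces) is kept as a warning, not dropped.
        event = {"tags": ["warning"], "message": line.rstrip("\n")}
    tags = event.get("tags") if isinstance(event.get("tags"), list) else []
    levels = [SEVERITY[t] for t in tags if isinstance(t, str) and t in SEVERITY]
    return "<%d>1 %s %s kibana %s - - %s" % (
        FACILITY * 8 + min(levels, default=6),  # PRI; most severe tag wins
        header_field(event.get("@timestamp") or "", 32),
        header_field(hostname, 255),
        header_field(event.get("pid") or "", 128),
        clean(event.get("message", "")),
    )


if __name__ == "__main__":
    for raw in sys.stdin:
        if raw.strip():
            print(to_syslog(raw), flush=True)
```

The filter reads whatever is piped to it, so it can sit behind the container's log stream in a sidecar and write the converted lines to its own stdout.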
