Menu
TL;DR
What is the best practice to send container optimized os host logs (ssh and executed shell commands) to Stackdriver?
Background:
I'm using Googles Container Optimized OS which works great. It's super easy to send the container logs to Stackdriver, but how do I send host logs to Stackdriver?
It's for auditing purposes, I need to log all SSH connections (accepted or denied) and all commands executed via shell. Previously I would simply send the rsyslogd (auth,authpriv) to stackdriver via the stackdriver host logger package.
This is for Container Optimized OS VM:s running in a managed instance group (mig), not in Google Kubernetes Engine.
It might be super obvious, but I can't seem to find any documentation on it.
344
Stackdriver Logging allows you to store, search, analyze, monitor, and alert on log data and events from Google Cloud Platform and Amazon Web Services. It includes storage for logs, a user interface called the Logs Viewer, and an API to manage logs programmatically.
Stackdriver Logging allows you to retain the logs for 30 days, and gives you a one-click configuration tool to archive data for a longer period in Google Cloud Storage.
how do I send host logs to Stackdriver?
Here are some code where COS packaged a Stackdriver Logging agent. You can start it via sudo systemctl start stackdriver-logging.
198
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
