Syslog pluging does not log anything

#1

Hi,
Kong version : 1.0.3

I have enabled syslog plugin, but it does not log anything under /var/log folder.

If I manually run syslogd command inside docker container, then it creates messages file under /var/log and records api requests.

How do I make syslogd start automatically when kong docker is deployed.

#2

I added /sbin/syslogd in entrypoint script of docker. It solved issue of syslogd daemon not getting started. Now syslog plugin logs messages to /var/log/messages. But these messages are truncated. On further investigation, it seems that kong alpine image uses musl libc which has hardcoded buffer/string size which is not enough. I tried with kong centos version too, but no luck. Instead of syslogd, I installed rsyslogd as part of docker entrypoint script, it improved length of messages getting logged. But still complete message is not getting logged. I tried adding MaxMessageSize setting in rsyslog.conf, but that did not help… any idea how to resolve this? Otherwise syslog plug-in in kong is useless if underlying syslog issue as result of alpine is not resolved

#3

Would you mind giving rsyslog a try, as a replacement for syslog? it lifts a number of restrictions over syslog

#4

Yes, I tried rsyslog also. It did improve logged message length, but some part of message is still truncated.

#5

Can you be more specific?

Also what is the Kong plugin configuration, can you post it here?

#6

Since syslog is a UDP based protocol, the MTU size might also play a role here.

My docker image has:

# ip link list lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

Where my host system (Mac) has:

MacBook-Pro:lcomplex-100 thijs$ ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>

So seems with Docker the image get’s it’s own MTU, just not sure whether the loopback for the container also goes through the host, since that would still result in fragmentation.

What is the size of your message? and what are the MTU sizes you see on your system (both in the container as well as the host)?