boomam Posted October 15, 2022 Share Posted October 15, 2022 Hi, I'm attempting to solve a few inherent issues with Unraid in one hit, all revolving around syslogs. It's long annoyed me the reasoning why logs are lost on reboot (due to sitting in RAM), and the lack of reasonable way to make sure logs are getting captured for analysis. Note: I understand the reasoning, wear leveling, etc. but its side stepping the issue somewhat by just not having some sort of persistent log. My solution, is to use a 'remote' syslog server, in this case, Graylog, running on a separate system. Specifically for Graylog, my issue is that I'm finding that Unraid is sending the syslog message with incorrect timestamps (4 hours in the past), which when ingested into GrayLog means that 'recent queries', or anything that relies on them, are next to useless. The timezone is set correctly at both ends, too. The workaround is to flip the input type from Syslog/UDP to RAW UDP, not ideal, as you lose some of the automatic parsing being done. Question: How do we adjust the variables in Unraid for syslog events? Things like RFC formats, etc? and have it persist between reboots? Next, I have set my important containers to ship their logs directly into GrayLog, (works fine as Syslog/UDP too!), but I want to ensure that nothing is getting written locally, log wise, to the array, cache, anywhere. Question: Is there a global setting, that persists between reboots, to allow this? The key is persists between reboots for both of these, as whilst im aware of potential methods to achieve both of these questions, the way Unraid works in regards to reboots/run from RAM, makes them somewhat of an unknown. Thanks in advance for your help with this! Cheers. Quote Link to comment
JonathanM Posted October 16, 2022 Share Posted October 16, 2022 On 10/15/2022 at 10:55 AM, boomam said: The key is persists between reboots for both of these, as whilst im aware of potential methods to achieve both of these questions, the way Unraid works in regards to reboots/run from RAM, makes them somewhat of an unknown. Script whatever changes you need and set the script to run every boot? Quote Link to comment
boomam Posted October 17, 2022 Author Share Posted October 17, 2022 14 hours ago, JonathanM said: Script whatever changes you need and set the script to run every boot? Not a bad idea, but I'd still need to know the method in Unraid to disable local logging to disk, in favor of relying on remote syslog only. + for the rsyslog, it looks like there's a reasonable amount of custom unraid related code/notes in it - do we know if its been documented anywhere as to what's what and why in it? I assume its not arbitrary? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.