Skip to content

Instantly share code, notes, and snippets.

@tmornini

tmornini/userdata.bash

Last active November 11, 2019 21:17
Show Gist options
  • Save tmornini/aa25e93556622b982d473899e5305e33 to your computer and use it in GitHub Desktop.
Save tmornini/aa25e93556622b982d473899e5305e33 to your computer and use it in GitHub Desktop.
Download ZIP
Docker -> Host Syslog -> Loggly for Amazon AWS ECS
Raw
userdata.bash
#!/bin/bash -x
exec > /tmp/user-data.log 2>&1
mkdir -p /var/spool/rsyslog
(
mkdir -p /etc/rsyslog.d/keys/ca.d
cd /etc/rsyslog.d/keys/ca.d
curl -O https://logdog.loggly.com/media/logs-01.loggly.com_sha12.crt
chmod 500 *.crt
)
cat > /etc/rsyslog.d/22-loggly.conf <<'RSYSLOG_CONFIG'
################# BEGIN RSYSLOG CONFIG FILE #########################
$template LogglyFormat,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %syslogtag:R,ERE,7,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end% %syslogtag:R,ERE,3,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%-%syslogtag:R,ERE,4,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end% %syslogtag:R,ERE,8,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end% %syslogtag:R,ERE,5,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end% [TOKEN@41058 tag=\\"%syslogtag:R,ERE,1,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%\\" tag=\\"%syslogtag:R,ERE,2,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%\\"]%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\\n"
# docker/subledger/ci/ecs-v2-117-v2-queue-main-fe9480c4a681a5990900/9b9fad23c64a[9671]:
# TAG product= %syslogtag:R,ERE,1,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# TAG environment= %syslogtag:R,ERE,2,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %APP-NAME% task_name= %syslogtag:R,ERE,3,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %APP-NAME% task_version= %syslogtag:R,ERE,4,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %MSGID% container_name= %syslogtag:R,ERE,5,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# ignored synthetic_id= %syslogtag:R,ERE,6,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %HOSTNAME% container_id= %syslogtag:R,ERE,7,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %PROCID% pid= %syslogtag:R,ERE,8,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# Setup disk assisted queues
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# RsyslogGnuTLS
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/logs-01.loggly.com_sha12.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.loggly.com
*.* @@logs-01.loggly.com:6514;LogglyFormat
################# END RSYSLOG CONFIG FILE #########################
RSYSLOG_CONFIG
service rsyslog restart
cat >> /etc/sysconfig/docker <<'DOCKER_LOG_CONFIG'
OPTIONS="$OPTIONS --log-driver=syslog --log-opt syslog-facility=local0 --log-opt tag=product/environment/{{.Name}}/{{.ID}}"
DOCKER_LOG_CONFIG
service docker restart
start ecs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment