Promtail syslog not in Loki

Hello!
I am trying to open a syslog server to Loki using Promtail.

Here is my docker-compose.yml

version: "3"

services:
  promtail:
    container_name: promtail
    image: grafana/promtail:latest
    volumes:
      - /home/toto/promtail-cfg.yml:/etc/promtail/promtail-cfg.yml
    command: -config.file=/etc/promtail/promtail-cfg.yml
    network_mode: host

And my promtail-cfg.yml

server:
  http_listen_address: 0.0.0.0
  http_listen_port: 9080
  grpc_listen_port: 0

clients:
  - url: http://mylokiserver:3100/loki/api/v1/push
    external_labels:
      toto: toto

scrape_configs:
  - job_name: syslog
    syslog:
      listen_address: 0.0.0.0:514
      idle_timeout: 60s
      label_structured_data: yes
      labels:
        job: "syslog"

The Promtail container is running properly, I can access the HTTP web interface and send logs with TCP on 514.

I can tell my logs are sent correctly because if I send a non-syslog message, docker logs shows:

level=warn ts=2021-05-06T20:32:12.413221747Z caller=syslogtarget.go:171 msg="error parsing syslog stream" err="expecting a version value in the range 1-999 [col 4]"

When I do send a correct syslog message, I am not seeing any new Loki label in Grafana.

Here is the log when I start Promtail

level=info ts=2021-05-06T21:51:50.369616469Z caller=syslogtarget.go:95 msg="syslog listening on address" address=[::]:514
level=info ts=2021-05-06T21:51:50.36998512Z caller=server.go:239 http=[::]:9080 grpc=[::]:46099 msg="server listening on addresses"
level=info ts=2021-05-06T21:51:50.409078762Z caller=main.go:113 msg="Starting Promtail" version="(version=, branch=, revision=)"

The weird thing is that if I enter a wrong clients.server.url in my configuration file, it does not throw an error in the log…

What am I doing wrong?
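The parse error quoted in the post above is what a receiver expecting IETF syslog (RFC 5424) reports when no version number follows the `<PRI>` field, as is the case for BSD-style RFC 3164 messages. As an added example (not code from this thread or from the Promtail project), the sketch below classifies a line as RFC 5424 or RFC 3164 and builds an octet-counted RFC 5424 test message. The host `fw01`, app name `test` and the target address are assumed placeholders.

```python
import re
import socket
from datetime import datetime, timezone

# RFC 5424 header starts "<PRI>VERSION SP"; PRI is 1-3 digits, VERSION is 1-999.
RFC5424_HEAD = re.compile(r"^<(\d{1,3})>([1-9]\d{0,2}) ")
# RFC 3164 (BSD) puts the timestamp right after PRI, e.g. "<13>May  6 20:32:12".
RFC3164_HEAD = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d ")


def classify(line: str) -> str:
    """Return 'rfc5424', 'rfc3164' or 'unknown' for one syslog line."""
    if RFC5424_HEAD.match(line):
        return "rfc5424"
    if RFC3164_HEAD.match(line):
        return "rfc3164"
    return "unknown"


def build_rfc5424(msg, host="fw01", app="test", facility=1, severity=5, ts=None):
    """Build one RFC 5424 message (no PROCID, MSGID or structured data)."""
    ts = (ts or datetime.now(timezone.utc)).astimezone(timezone.utc)
    pri = facility * 8 + severity
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{pri}>1 {stamp} {host} {app} - - - {msg}"


def octet_frame(message: str) -> bytes:
    """RFC 6587 octet counting: '<length in bytes> <message>'."""
    body = message.encode("utf-8")
    return str(len(body)).encode("ascii") + b" " + body


def send_tcp(message: str, addr=("127.0.0.1", 514)):
    """Send one framed message to a syslog/TCP listener (address is assumed)."""
    with socket.create_connection(addr, timeout=5) as sock:
        sock.sendall(octet_frame(message))


if __name__ == "__main__":
    # Constructed samples, not taken from the thread.
    for sample in ("<13>May  6 20:32:12 fw01 test: hello",
                   build_rfc5424("hello")):
        print(classify(sample), "|", sample)
```

Running `classify` over a captured line from the sending device shows which format it emits before any label or Loki-side troubleshooting.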

Hi, I have exactly the same issue. Do you have a solution after one year? I looked into Wireshark and it tries to send the syslog data back to the origin IP instead of the Loki endpoint. I tried in Docker, and also on a native Promtail client. The syslog is generated by a firewall which sends the data correctly to my client.
