OBSDOCS-1972 migrate old content - add in log_collection_forwarding folder

gabriel-rh · gabriel-rh · commit 4b0d3da54688 · 2025-05-31T16:10:26.000+01:00
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -50,3 +50,19 @@ Topics:
   File: cluster-logging-memory
 - Name: Configuring systemd-journald for Logging
   File: cluster-logging-systemd
+---
+Name: Log collection and forwarding
+Dir: log_collection_forwarding
+Topics:
+- Name: About log collection and forwarding
+  File: log-forwarding
+- Name: Log output types
+  File: logging-output-types
+- Name: Enabling JSON log forwarding
+  File: cluster-logging-enabling-json-logging
+- Name: Configuring log forwarding
+  File: configuring-log-forwarding
+- Name: Configuring the logging collector
+  File: cluster-logging-collector
+- Name: Collecting and storing Kubernetes events
+  File: cluster-logging-eventrouter
diff --git a/log_collection_forwarding/_attributes b/log_collection_forwarding/_attributes
@@ -0,0 +1 @@
+../_attributes/
diff --git a/log_collection_forwarding/cluster-logging-collector.adoc b/log_collection_forwarding/cluster-logging-collector.adoc
@@ -0,0 +1,35 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: cluster-logging-collector
+[id="cluster-logging-collector"]
+= Configuring the logging collector
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+{logging-title-uc} collects operations and application logs from your cluster and enriches the data with Kubernetes pod and project metadata.
+All supported modifications to the log collector can be performed though the `spec.collection` stanza in the `ClusterLogging` custom resource (CR).
+
+include::modules/configuring-logging-collector.adoc[leveloffset=+1]
+
+include::modules/creating-logfilesmetricexporter.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-limits.adoc[leveloffset=+1]
+
+[id="cluster-logging-collector-input-receivers"]
+== Configuring input receivers
+
+The {clo} deploys a service for each configured input receiver so that clients can write to the collector. This service exposes the port specified for the input receiver.
+The service name is generated based on the following:
+
+* For multi log forwarder `ClusterLogForwarder` CR deployments, the service name is in the format `<ClusterLogForwarder_CR_name>-<input_name>`. For example, `example-http-receiver`.
+* For legacy `ClusterLogForwarder` CR deployments, meaning those named `instance` and located in the `openshift-logging` namespace, the service name is in the format `collector-<input_name>`. For example, `collector-http-receiver`.
+
+include::modules/log-collector-http-server.adoc[leveloffset=+2]
+//include::modules/log-collector-rsyslog-server.adoc[leveloffset=+2]
+// uncomment for 5.9 release
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../log_collection_forwarding/configuring-log-forwarding.adoc#logging-audit-filtering_configuring-log-forwarding[Overview of API audit filter]
+
+include::modules/cluster-logging-collector-tuning.adoc[leveloffset=+1]
diff --git a/log_collection_forwarding/cluster-logging-enabling-json-logging.adoc b/log_collection_forwarding/cluster-logging-enabling-json-logging.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: cluster-logging-enabling-json-logging
+[id="cluster-logging-enabling-json-logging"]
+= Enabling JSON log forwarding
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+You can configure the Log Forwarding API to parse JSON strings into a structured object.
+
+include::modules/cluster-logging-json-log-forwarding.adoc[leveloffset=+1]
+include::modules/cluster-logging-configuration-of-json-log-data-for-default-elasticsearch.adoc[leveloffset=+1]
+include::modules/cluster-logging-forwarding-json-logs-to-the-default-elasticsearch.adoc[leveloffset=+1]
+include::modules/cluster-logging-forwarding-separate-indices.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../log_collection_forwarding/log-forwarding.adoc#log-forwarding[About log forwarding]
diff --git a/log_collection_forwarding/cluster-logging-eventrouter.adoc b/log_collection_forwarding/cluster-logging-eventrouter.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: cluster-logging-eventrouter
+[id="cluster-logging-eventrouter"]
+= Collecting and storing Kubernetes events
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The {ocp-product-title} Event Router is a pod that watches Kubernetes events and logs them for collection by the {logging}. You must manually deploy the Event Router.
+
+The Event Router collects events from all projects and writes them to `STDOUT`. The collector then forwards those events to the store defined in the `ClusterLogForwarder` custom resource (CR).
+
+[IMPORTANT]
+====
+The Event Router adds additional load to Fluentd and can impact the number of other log messages that can be processed.
+====
+
+include::modules/cluster-logging-eventrouter-deploy.adoc[leveloffset=+1]
diff --git a/log_collection_forwarding/configuring-log-forwarding.adoc b/log_collection_forwarding/configuring-log-forwarding.adoc
@@ -0,0 +1,78 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="configuring-log-forwarding"]
+= Configuring log forwarding
+:context: configuring-log-forwarding
+
+toc::[]
+
+include::snippets/audit-logs-default.adoc[]
+
+include::modules/cluster-logging-collector-log-forwarding-about.adoc[leveloffset=+1]
+
+include::modules/logging-create-clf.adoc[leveloffset=+1]
+
+include::modules/logging-delivery-tuning.adoc[leveloffset=+1]
+
+include::modules/logging-multiline-except.adoc[leveloffset=+1]
+
+ifndef::openshift-rosa[]
+include::modules/cluster-logging-collector-log-forward-gcp.adoc[leveloffset=+1]
+endif::openshift-rosa[]
+
+include::modules/logging-forward-splunk.adoc[leveloffset=+1]
+
+include::modules/logging-http-forward.adoc[leveloffset=+1]
+
+include::modules/logging-forwarding-azure.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-project.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-logs-from-application-pods.adoc[leveloffset=+1]
+
+include::modules/logging-audit-log-filtering.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+
+* link:https://docs.openshift.com/container-platform/latest/networking/network_security/logging-network-security.adoc#logging-network-security[Logging network policy events][Logging for egress firewall and network policy rules]
+
+// TODO ROSA
+ifdef::openshift-rosa,openshift-dedicated[]
+* link:https://docs.openshift.com/container-platform/latest/networking/ovn_kubernetes_network_provider/logging-network-security.html#logging-network-security[Logging for egress firewall and network policy rules]
+endif::[]
+
+include::modules/cluster-logging-collector-log-forward-loki.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://grafana.com/docs/loki/latest/configuration/[Configuring Loki server]
+
+include::modules/cluster-logging-collector-log-forward-es.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-fluentd.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-syslog.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-kafka.adoc[leveloffset=+1]
+
+// Cloudwatch docs
+include::modules/cluster-logging-collector-log-forward-cloudwatch.adoc[leveloffset=+1]
+include::modules/cluster-logging-collector-log-forward-secret-cloudwatch.adoc[leveloffset=+1]
+
+//TODO ROSA
+ifdef::openshift-rosa[]
+include::modules/rosa-cluster-logging-collector-log-forward-sts-cloudwatch.adoc[leveloffset=+1]
+endif::[]
+
+
+include::modules/cluster-logging-collector-log-forward-sts-cloudwatch.adoc[leveloffset=+1]
+
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html[AWS STS API Reference]
+ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
+* link:https://docs.openshift.com/container-platform/latest/authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[Cloud Credential Operator (CCO)]
+endif::openshift-dedicated,openshift-rosa,openshift-rosa-hcp[]
diff --git a/log_collection_forwarding/images b/log_collection_forwarding/images
@@ -0,0 +1 @@
+../images/
diff --git a/log_collection_forwarding/log-forwarding.adoc b/log_collection_forwarding/log-forwarding.adoc
@@ -0,0 +1,48 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="log-forwarding"]
+= About log collection and forwarding
+:context: log-forwarding
+
+toc::[]
+
+The {clo} deploys a collector based on the `ClusterLogForwarder` resource specification. There are two collector options supported by this Operator: the legacy Fluentd collector, and the Vector collector.
+
+include::snippets/logging-fluentd-dep-snip.adoc[]
+
+include::modules/about-log-collection.adoc[leveloffset=+1]
+
+include::modules/logging-vector-fluentd-feature-comparison.adoc[leveloffset=+2]
+
+include::modules/log-forwarding-collector-outputs.adoc[leveloffset=+2]
+
+[id="log-forwarding-about-clf"]
+== Log forwarding
+
+Administrators can create `ClusterLogForwarder` resources that specify which logs are collected, how they are transformed, and where they are forwarded to.
+
+`ClusterLogForwarder` resources can be used up to forward container, infrastructure, and audit logs to specific endpoints within or outside of a cluster. Transport Layer Security (TLS) is supported so that log forwarders can be configured to send logs securely.
+
+Administrators can also authorize RBAC permissions that define which service accounts and users can access and forward which types of logs.
+
+include::modules/log-forwarding-implementations.adoc[leveloffset=+2]
+
+[id="log-forwarding-enabling-multi-clf-feature"]
+=== Enabling the multi log forwarder feature for a cluster
+
+To use the multi log forwarder feature, you must create a service account and cluster role bindings for that service account. You can then reference the service account in the `ClusterLogForwarder` resource to control access permissions.
+
+[IMPORTANT]
+====
+In order to support multi log forwarding in additional namespaces other than the `openshift-logging` namespace, you must update the {clo} to watch all namespaces]. This functionality is supported by default in new {clo} version 5.8 installations.
+====
+
+include::modules/log-collection-rbac-permissions.adoc[leveloffset=+3]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/latest/authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions]
+* link:https://docs.openshift.com/container-platform/latest/authentication/using-service-accounts-in-applications.adoc#using-service-accounts-in-applications[Using service accounts in applications]
+
+* link:https://kubernetes.io/docs/reference/access-authn-authz/rbac/[Using RBAC Authorization Kubernetes documentation]
diff --git a/log_collection_forwarding/logging-output-types.adoc b/log_collection_forwarding/logging-output-types.adoc
@@ -0,0 +1,33 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="logging-output-types"]
+= Log output types
+:context: logging-output-types
+
+toc::[]
+
+Outputs define the destination where logs are sent to from a log forwarder. You can configure multiple types of outputs in the `ClusterLogForwarder` custom resource (CR) to send logs to servers that support different protocols.
+
+include::modules/supported-log-outputs.adoc[leveloffset=+1]
+
+[id="logging-output-types-descriptions"]
+== Output type descriptions
+
+`default`:: The on-cluster, Red{nbsp}Hat managed log store. You are not required to configure the default output.
++
+[NOTE]
+====
+If you configure a `default` output, you receive an error message, because the `default` output name is reserved for referencing the on-cluster, Red{nbsp}Hat managed log store.
+====
+`loki`:: Loki, a horizontally scalable, highly available, multi-tenant log aggregation system.
+`kafka`:: A Kafka broker. The `kafka` output can use a TCP or TLS connection.
+`elasticsearch`:: An external Elasticsearch instance. The `elasticsearch` output can use a TLS connection.
+`fluentdForward`:: An external log aggregation solution that supports Fluentd. This option uses the Fluentd `forward` protocols. The `fluentForward` output can use a TCP or TLS connection and supports shared-key authentication by providing a `shared_key` field in a secret. Shared-key authentication can be used with or without TLS.
++
+[IMPORTANT]
+====
+The `fluentdForward` output is only supported if you are using the Fluentd collector. It is not supported if you are using the Vector collector. If you are using the Vector collector, you can forward logs to Fluentd by using the `http` output.
+====
+`syslog`:: An external log aggregation solution that supports the syslog link:https://tools.ietf.org/html/rfc3164[RFC3164] or link:https://tools.ietf.org/html/rfc5424[RFC5424] protocols. The `syslog` output can use a UDP, TCP, or TLS connection.
+`cloudwatch`:: Amazon CloudWatch, a monitoring and log storage service hosted by Amazon Web Services (AWS).
+`cloudlogging`:: Google Cloud Logging, a monitoring and log storage service hosted by Google Cloud Platform (GCP).
diff --git a/log_collection_forwarding/modules b/log_collection_forwarding/modules
@@ -0,0 +1 @@
+../modules/
diff --git a/log_collection_forwarding/snippets b/log_collection_forwarding/snippets
@@ -0,0 +1 @@
+../snippets/
