Azure AKS in-container logs to Azure Logs/Azure Sentinel
Is there an dynamic way to pull log data from inside my containers?
All of my searches are returning that Azure Logs/Azure Sentinel can read data about AKS relative to the containers as they exist in K8s (online, running, failed, etc.) but not the actual in-container logs. Examples of results asking for this:
- https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-log-query
- https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-livedata-overview
- https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/azure-monitor/containers/container-insights-enable-new-cluster.md#enable-monitoring-of-a-new-azure-kubernetes-service-aks-cluster
...all of these provide documentation on monitoring containers (as they live in K8s) but not the app-level logs in the containers...
Is anyone aware of a technology or capability for Azure Logs/Azure Sentinel to consume in-container, on-disk container logs (e.g. inside the container: /var/log, /var/application/logs, etc.)?
Thanks!
Ok so I'd forgotten about this question but just to post an answer. I kinda used what @kedmardemootoo suggested, where we use the standard log output from a container to read the file.
however, the main difference is I used the K8s sidecar pattern to monitor log files in my container so that I could do a kubectl logs output exclusively to a particular log file.
The manifest changes looks like:
while we're using a BusyBox image, Alpine would also work fine. The idea is that it's a tiny OS image so you don't explode your worker node processor/memory utilization but echo's a particular log's output to STDOUT so it can be captured by Azure Log Analytics (AZA). Use a tiny linux OS that just tails a particular log file (with a container name that reflects the log file being tail'd) and it will show up under that container's log entries in AZA.
FYI -- BusyBox and Alpine are like 3-5MB sized container images.
- Pipeline Shows as Failed When Successful
- Yaml manual approval step in jobs.template
- Environment variables as parameter of type object in Azure DevOps pipelines
- Skip Azure Pipeline jobs (or the whole pipeline) if change is from a merge from a specific branch
- Visual Studio 2022 can't connect to a project due to bad filters
- Azure Data Factory CI npm validate step suddenly crashing
- Remove TFS Connection From Visual Studio 2019
- ADO - Granular Permission for Users on Team
- How to run an entire azure pipeline, start to finish, inside a Docker container?
- Dev env is skipping
- Must delete massive inadvertent checkin from remote git repo
- Access Denied using Azure App Configuration Task in DevOps Pipeline
- Passing output variable to a template in the same job in Azure devops
- Azure Pipeline: how to delete a variable inside Azure build pipeline
- How do I specify playwright chromium version in azure pipeline
- Azure Devops - YAML - not reading .net version from props file
- Azure yaml trigger pipeline every 14 days on a Saturday
- How can I give a containerRegistry to a DevcontainersCi task in an Azure DevOps YAML Pipeline?
- How to assign organization-level permissions to create repositories across all projects in organization in Azure DevOps?
- Updating Node js on internal windows ADO build agent
- Authenticating using the Azure CLI is only supported as a User (not a Service Principal)
- DotNetCLI@2 pack seems to be ignoring configuration inputs
- Build a pipeline in AzureDevOps for Sql Server on prem to run sql scripts
- Trying to get all PRs from "branch/*" using Rest API
- How to format Azure DevOps console Logs
- How to follow the entire wiki in Azure DevOps?
- Issue with Azure key vault and Azure storage account deployment
- Publishing external POM Package to Azure Artifacts Feed Error
- lionbridge-connector on Azure Artifacts gives Dependency Error
- How to allow an empty string for a runtime parameter?