[英]Azure Log Analytics don't retrieve log of NGINX Ingress on Azure Kubernetes Service
I am new to Kubernetes and NGINX Ingress on Microsoft Azure. 我是Microsoft Azure上的Kubernetes和NGINX Ingress的新手。 I got an issue about analyzing log of NGINX Ingress.
我遇到了有关分析NGINX Ingress日志的问题。
Here is the log in my NGINX Ingress pods: 这是我的NGINX Ingress窗格中的日志:
duc@Azure:~$ kubectl logs ducphuongkhang-ingress-nginx-ingress-controller-869b8b966-877bq -n kube-system | grep 'lua'
2018/11/06 16:36:55 [warn] 961#961: *10059 [lua] log.lua:52: {"timestamp":1541522215,"method":"GET","uri":"\/vulnerabilities\/sqli\/","id":"dba39b7d7dc8646b779e","client":"10.244.0.1","alerts":[{"match":1,"msg":"SQL String Termination","id":41003},{"match":1,"msg":"SQL probing attempt","id":41032},{"logdata":8,"match":8,"msg":"Request score greater than score threshold","id":99001}]} while logging request, client: 10.244.0.1, server: dvwa.thesis.analyticsvn.com, request: "GET /vulnerabilities/sqli/?id=%27&Submit=Submit HTTP/2.0", host: "dvwa.thesis.analyticsvn.com", referrer: "https://dvwa.thesis.analyticsvn.com/vulnerabilities/sqli/?id=1%3D1&Submit=Submit"
2018/11/06 16:37:02 [warn] 961#961: *10059 [lua] log.lua:52: {"timestamp":1541522222,"method":"GET","uri":"\/vulnerabilities\/sqli\/","id":"4ac4e0dfe317dcd86346","client":"10.244.0.1","alerts":[{"match":1,"msg":"SQL String Termination","id":41003},{"match":1,"msg":"SQL probing attempt","id":41032},{"logdata":8,"match":8,"msg":"Request score greater than score threshold","id":99001}]} while logging request, client: 10.244.0.1, server: dvwa.thesis.analyticsvn.com, request: "GET /vulnerabilities/sqli/?id=%27&Submit=Submit HTTP/2.0", host: "dvwa.thesis.analyticsvn.com", referrer: "https://dvwa.thesis.analyticsvn.com/vulnerabilities/sqli/?id=1%3D1&Submit=Submit"
2018/11/06 16:37:02 [warn] 961#961: *10059 [lua] log.lua:52: {"timestamp":1541522222,"method":"GET","uri":"\/vulnerabilities\/sqli\/","id":"d0eae7d54dc99773ecc0","client":"10.244.0.1","alerts":[{"match":1,"msg":"SQL String Termination","id":41003},{"match":1,"msg":"SQL probing attempt","id":41032},{"logdata":8,"match":8,"msg":"Request score greater than score threshold","id":99001}]} while logging request, client: 10.244.0.1, server: dvwa.thesis.analyticsvn.com, request: "GET /vulnerabilities/sqli/?id=%27&Submit=Submit HTTP/2.0", host: "dvwa.thesis.analyticsvn.com", referrer: "https://dvwa.thesis.analyticsvn.com/vulnerabilities/sqli/?id=1%3D1&Submit=Submit"
2018/11/06 16:37:03 [warn] 961#961: *10059 [lua] log.lua:52: {"timestamp":1541522223,"method":"GET","uri":"\/vulnerabilities\/sqli\/","id":"be18d7e7800e86789d5d","client":"10.244.0.1","alerts":[{"match":1,"msg":"SQL String Termination","id":41003},{"match":1,"msg":"SQL probing attempt","id":41032},{"logdata":8,"match":8,"msg":"Request score greater than score threshold","id":99001}]} while logging request, client: 10.244.0.1, server: dvwa.thesis.analyticsvn.com, request: "GET /vulnerabilities/sqli/?id=%27&Submit=Submit HTTP/2.0", host: "dvwa.thesis.analyticsvn.com", referrer: "https://dvwa.thesis.analyticsvn.com/vulnerabilities/sqli/?id=1%3D1&Submit=Submit"
And here is my Azure Analytics Log query, which return no value: 这是我的Azure Analytics Log查询,该查询没有返回值:
ContainerLog | where LogEntry contains "lua"
I want to collect logs that generated by NGINX Ingress (with lua-resty-waf enable) with Azure Log Analytics. 我想使用Azure Log Analytics收集NGINX Ingress生成的日志(启用lua-resty-waf)。 Please help me to get there.
请帮助我到达那里。
Thank you. 谢谢。
After doing the research, I found out that the Azure Log Analytics with OMS Agent in Kubernetes don't support to collect data in the namespace 'kube-system'. 经过研究,我发现Kubernetes中的带OMS代理的Azure日志分析不支持在名称空间“ kube-system”中收集数据。 Deploy the Ingress in another namespace will allow the Log Analytics to collect log.
将Ingress部署在另一个名称空间中将允许Log Analytics收集日志。
Reference: https://github.com/Azure/AKS/issues/293 参考: https : //github.com/Azure/AKS/issues/293
$ kubectl describe deployments omsagent-rs -n kube-system
Pod Template:
Labels: rsName=omsagent-rs
Annotations: agentVersion=1.6.0-42
dockerProviderVersion=2.0.0-3
Service Account: omsagent
Environment:
DISABLE_KUBE_SYSTEM_LOG_COLLECTION: true
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.