Modernizing the docker-logs collector (#2)

* initial push of refactor for moving to fluentd based docker logging plugin

* Updated build-release.yaml

* Updating Tag references

* moving cicd testing and enabling pushing

* Adding dependabot and CODEOWNERS

* Updated readme

Author: b3arpsl

.dockerignore

@@ -0,0 +1,25 @@
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# Global Code Owner
+
+* @b3arpsl @robf17 @SeamusClark

.github/dependabot.yaml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"

.github/workflows/build-release.yaml

@@ -0,0 +1,55 @@
+name: build-release
+
+on:
+  push:
+    tags:
+      - 'v*'
+permissions: 
+  contents: read
+  packages: write
+  
+env: 
+  IMAGE_NAME: docker-log-collector
+jobs: 
+  docker: 
+    runs-on: ubuntu-latest
+    steps: 
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      
+      - name: Login to GitHub
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            name=zebrium/${{env.IMAGE_NAME }}
+            name=ghcr.io/Zebrium/${{env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{raw}}
+            type=semver,pattern={{major}}.{{minor}}
+            type-semver,pattern=v{{major}}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -1 +1,38 @@
-FROM gliderlabs/logspout:v3.2.11
+FROM alpine:latest AS certificates
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+RUN update-ca-certificates
+
+
+FROM fluent/fluentd:v1.16
+
+USER root
+
+COPY --from=certificates /etc/ssl/certs/ /usr/lib/ssl/certs/
+
+RUN gem install fluent-plugin-zebrium_output\
+  docker-api\
+  docker\
+  fluent-plugin-rewrite-tag-filter\
+  fluent-plugin-multi-format-parser\
+  fluent-plugin-s3\
+  fluent-plugin-record-reformer\
+  fluent-plugin-concat
+
+COPY config/fluent.conf /fluentd/etc/
+
+USER fluent
+
+EXPOSE 24224
+
+ENV FLUSH_INTERVAL "60s"
+ENV BUFFER_CHUNK_LIMIT_SIZE "8MB"
+ENV BUFFER_CHUNK_LIMIT_RECORDS "40000"
+ENV BUFFER_TOTAL_LIMIT_SIZE "1GB"
+ENV BUFFER_RETRY_TIMEOUT "1h"
+ENV BUFFER_RETRY_MAX_TIMES "360"
+ENV BUFFER_RETRY_WAIT "10s"
+ENV VERIFY_SSL "true"
+ENV ZE_DEPLOYMENT_NAME "default"
+ENV ZE_LOG_LEVEL "info"
+ENV ZE_LOG_COLLECTOR_TYPE "docker"
+ENV LOG_FORWARDER_MODE "true"

LICENSE

@@ -1,4 +1,4 @@
-Copyright (C) 2015 Glider Labs, LLC
+Copyright (C) 2023 Sciencelogic Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the right
 s to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

README.md

@@ -1,120 +1,52 @@
 # DOCKER CONTAINER LOG COLLECTOR
-Zebrium's docker container log collector collects container logs and sends logs to Zebrium for automated Incident detection.
-Our github repository is located [here](https://github.com/zebrium/ze-docker-log-collector).
 
-# ze-docker-log-collector
+Zebrium's docker container log collector collects container logs and sends logs to Zebrium for automated Incident detection.  This is achieved by using the [Fluentd logging driver for Docker](https://docs.docker.com/config/containers/logging/fluentd/) and the Zebrium Fluentd [output plugin.](https://github.com/zebrium/fluentd-output-zebrium)
 
 ## Getting Started
-### Docker
-Use the following command to create a docker log collector container:
-```
-sudo docker run -d --name="zdocker-log-collector" --restart=always \
-                -v=/var/run/docker.sock:/var/run/docker.sock \
-                -e ZE_LOG_COLLECTOR_URL="<ZE_LOG_COLLECTOR_URL>" \
-                -e ZE_LOG_COLLECTOR_TOKEN="<ZE_LOG_COLLECTOR_TOKEN>" \
-                -e ZE_HOSTNAME="<HOSTNAME>" \
-                -e ZE_DEPLOYMENT_NAME="YOUR_DEPLOYMENT_NAME_HERE" \
-                zebrium/docker-log-collector:latest
-```
 
-### Docker Compose
-Use the following configuration file to deploy via docker-compose command:
-```
-version: '3.5'
-
-services:
-  zdocker-log-collector:
-    image: zebrium/docker-log-collector:latest
-    restart: always
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-    environment:
-      ZE_LOG_COLLECTOR_URL: "<ZE_LOG_COLLECTOR_URL>"
-      ZE_LOG_COLLECTOR_TOKEN: "<ZE_LOG_COLLECTOR_TOKEN>"
-      ZE_DEPLOYMENT_NAME: "<YOUR_DEPLOYMENT_NAME_HERE>"
-      ZE_HOSTNAME: "<HOSTNAME>"
-```
-### AWS Elastic Container Service (ECS)
+When sending your logs from your docker daemon to Zebrium, there are two configuration options for where your log collector can be installed in configured.  The collector can be installed within the docker daemon context that you are sending all the logs from, or it could be installed on an external host, and have the logs routed to it by each docker daemon.
 
-Add the following service to ECS on EC2 cluster configuration.
+### Deploying the Collector
+
+Regardless on the installation method, you will start the collector using the following command, substituting the token and URL in for the values found in your Zebrium Integration and Collectors page.  Additional ENVS listed [below](#environment-variables) can be specified to the collector to further extend the functionality.
+
+```bash
+docker run -p 24224:24224 -e ZE_LOG_COLLECTOR_URL=<URL> -e ZE_LOG_COLLECTOR_TOKEN=<TOKEN> --restart always zebrium/docker-log-collector:latest
 ```
-services:
-  zdocker-log-collector:
-    image: zebrium/docker-log-collector:latest
-    restart: always
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-    environment:
-      ZE_LOG_COLLECTOR_URL: "<ZE_LOG_COLLECTOR_URL>"
-      ZE_LOG_COLLECTOR_TOKEN: "<ZE_LOG_COLLECTOR_TOKEN>"
-      ZE_DEPLOYMENT_NAME: "<YOUR_DEPLOYMENT_NAME_HERE>"
+
+### Configuring the Docker daemon
+
+Once our collector has been deployed and configured, we need to modify the docker daemon configuration to start sending logs to the collector.  For a complete list of configuration options, please see the [official docker documentation](https://docs.docker.com/config/containers/logging/fluentd/).  The docker daemon is located in `/etc/docker/daemon.json` on Linux host and `C:\ProgramData\docker\config\daemon.json` on windows host.  For more about the docker daemon.json, see the [official documentation](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file)
+
+Add the following configuration to your daemon.json file, substituting `<fluentd-address>` for the address of your log collector.  If your log collector is deployed in the same docker daemon, then use `127.0.0.1:24224` as your address.  
+
+```bash
+{
+"log-driver": "fluentd",
+  "log-opts": {
+    "fluentd-address": "<fluentd-address>",
+    "fluentd-async": "true"
+  }
+}
 ```
-To collect container logs from all nodes in an ECS cluster, zdocker-log-collector service must be configured to run as an ECS daemon task. Please follow the steps below to configure the daemon task:
-1. Log in to the AWS console and navigate to the ECS Clusters section. Click into your cluster you run the Agent on.
-2. Choose Service tab, click on the Create button.
-3. For launch type, select EC2, for service type, select DAEMON, type a service name, and click on Next step.
-4. For Load balance type option, select None, and click on Next step. On next page, select Next step without configuring Auto Scaling.
-5. Review and click on Create Service.
-
-Please note ECS tasks must be configured to use 'json-file' Log Driver for Zebrium log collector to receive container logs. If there is special log configuration on ECS instances, for example, using UserData section on instance to set log configuration, those configurations may need to be modified or deleted.
-
-## Environment Variables
-The following environment variables are supported by the collector:
-<table>
-  <tr>
-    <th>Environment Variables</th>
-    <th>Description</th>
-    <th>Default value</th>
-    <th>Note</th>
-  </tr>
-  <tr>
-    <td>ZE_LOG_COLLECTOR_URL</td>
-    <td>Zebrium log host server URL</td>
-    <td>None. Must be set by user</td>
-    <td>Provided by Zebrium once your account has been created.</td>
-  </tr>
-  <tr>
-    <td>ZE_LOG_COLLECTOR_TOKEN</td>
-    <td>Authentication token</td>
-    <td>None. Must be set by user</td>
-    <td>Provided by Zebrium once your account has been created.</td>
-  </tr>
-  <tr>
-    <td>ZE_HOSTNAME</td>
-    <td>Hostname of docker host</td>
-    <td>Empty. Optional</td>
-    <td>If ZE_HOSTNAME is not set, container hostname is used as source host for logs.</td>
-  </tr>
-  <tr>
-    <td>ZE_MAX_INGEST_SIZE</td>
-    <td>Maximum size of post request for Zebrium log server</td>
-    <td>1048576 bytes. Optional</td>
-    <td>Unit is in bytes</td>
-  </tr>
-  <tr>
-    <td>ZE_FLUSH_TIMEOUT</td>
-    <td>Interval between sending batches of log data to Zebrium log server.</td>
-    <td>30 seconds. Optional</td>
-    <td>Unit is in seconds. Please note Zebrium output plugin sends data immediately to log server when accumulated data reaches ZE_MAX_INGEST_SIZE bytes.</td>
-  </tr>
-  <tr>
-    <td>ZE_FILTER_NAME</td>
-    <td>Collect logs for containers whose names match filter name pattern. These can include wildcards, for example, <i>my_container1*</i></td>
-    <td>Empty. Optional</td>
-    <td></td>
-  </tr>
-  <tr>
-    <td>ZE_FILTER_LABELS</td>
-    <td>Collect logs for containers whose labels match the labels as defined in ZE_FILTER_LABELS. The format is: <i>label1:label1_value,label2:label2_value</i> These can include wildcards, for example, <i>my_label:xyz*</i></td>
-    <td>Empty. Optional</td>
-    <td></td>
-  </tr>
-
-</table>
-
-
-## Testing your installation
-Once the docker log collector software has been deployed in your environment, your container logs and incident detection will be available in the Zebrium UI.
-
-## Contributors
-* Brady Zuo (Zebrium)
+
+Once the daemon file is updated, restart the docker daemon for the new changes to take effect.  After this, your should be able to view the logs of the log collector and verify that it is receiving and forwarding logs to Zebrium.
+
+### Environment Variables
+
+Below is a list of environment variables that are available for configuration of the Fluentd container.
+
+| Environment Variables | Default | Description | Required |
+|-------------------|-------------------|-------------------| ---|
+| ZE_LOG_COLLECTOR_URL | "" | Zebrium URL Endpoint for log ingestion| yes|
+| ZE_LOG_COLLECTOR_TOKEN | "" | Zebrium ZAPI token for log ingestion| yes|
+| ZE_DEPLOYMENT_NAME | "default" | Zebrium Service Group Name.  Read more [here](https://docs.sciencelogic.com/zebrium/latest/Content/Web_Zebrium/Key_Concepts.html#service-groups)| no|
+| FLUSH_INTERVAL | "60s" | Buffer Flush Interval| no|
+| ZE_LOG_LEVEL | "info" | Sets the log level for the output plugin | no |
+| VERIFY_SSL | "true" | Enables or disables SSL verification on endpoint| no|
+
+## Additional Resources
+
+* [Github repository](https://github.com/zebrium/ze-docker-log-collector)
+* [Fluentd Documentation](https://www.fluentd.org/guides/recipes/docker-logging)
+* [Docker Plugin Documentation](https://docs.docker.com/config/containers/logging/fluentd/)

SECURITY.md

@@ -7,9 +7,8 @@ currently being supported with security updates.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| >= 1.60.0 | :white_check_mark: |
-
+| >= 2.0.0| :white_check_mark: |
 
 ## Reporting a Vulnerability
 
-Please reach out to [email protected] with any concerns or findings.  
+Please reach out to <[email protected]> with any concerns or findings.  

build.sh

@@ -0,0 +1,29 @@
+<source>
+  @type forward
+  port 24224
+  bind 0.0.0.0
+</source>
+
+
+<match **>
+  @type zebrium
+  ze_deployment_name "#{ENV['ZE_DEPLOYMENT_NAME']}"
+  ze_log_collector_url "#{ENV['ZE_LOG_COLLECTOR_URL']}"
+  ze_log_collector_token "#{ENV['ZE_LOG_COLLECTOR_TOKEN']}"
+  ze_log_collector_type "#{ENV['ZE_LOG_COLLECTOR_TYPE']}"
+  log_forwarder_mode "#{ENV['LOG_FORWARDER_MODE']}"
+  disable_ec2_meta_data "#{ENV['DISABLE_EC2_META_DATA']}"
+  @log_level "#{ENV['ZE_LOG_LEVEL']}"
+  verify_ssl "#{ENV['VERIFY_SSL']}"
+  <buffer tag>
+    @type memory
+    chunk_limit_size "#{ENV['BUFFER_CHUNK_LIMIT_SIZE']}"
+    chunk_limit_records "#{ENV['BUFFER_CHUNK_LIMIT_RECORDS']}"
+    total_limit_size "#{ENV['BUFFER_TOTAL_LIMIT_SIZE']}"
+    flush_mode "interval"
+    flush_interval "#{ENV['FLUSH_INTERVAL']}"
+    retry_timeout "#{ENV['BUFFER_RETRY_TIMEOUT']}"
+    retry_max_times "#{ENV['BUFFER_RETRY_MAX_TIMES']}"
+    retry_wait "#{ENV['BUFFER_RETRY_WAIT']}"
+  </buffer> 
+</match>