Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding a step about warning Kibana admins of new teams #631

Merged
merged 3 commits into from
Apr 17, 2024
Merged

Adding a step about warning Kibana admins of new teams #631

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6101686
Update enable-secure-logs.md
dmykarp Apr 17, 2024
bc8025b
Update enable-secure-logs.md
dmykarp Apr 17, 2024
20cc872
Update enable-secure-logs.md
dmykarp Apr 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions tenants/nav/how-to-guides/observability/logs/enable-secure-logs.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,13 @@ Some applications have logs with information that should not be stored with the

This is guide contains a deprecated syntax for enabling secure logs. With the new syntax all logs will be sent to secure logs when enabled and will not require any special log configuration.

## 1. Enabling secure logs [manifest](../../../reference/application-spec.md)
## 1. Prerequisites

If your NAIS team has already at any point produced secure logs, you can skip this step.

If your team has never before produced secure logs, before enabling them for the first time, give a warning in [#kibana](https://nav-it.slack.com/archives/C7T8QHXD3) Slack channel. There are some things that need to be adjusted before a new team can start sending. Remember to include the name of your NAIS team in the message.

## 2. Enabling secure logs [manifest](../../../reference/application-spec.md)

???+ note ".nais/app.yaml"

Expand All @@ -21,7 +27,7 @@ Some applications have logs with information that should not be stored with the
enabled: true
```

## 2. Set log rotation
## 3. Set log rotation

With secure logs enabled a directory `/secure-logs/` will be mounted in the application container. Every `*.log` file in this directory will be monitored and the content transferred to Elasticsearch. Make sure that these files are readable for the log shipper \(the process runs as uid/gid 1065\).

Expand Down Expand Up @@ -50,7 +56,7 @@ Log files should be in JSON format as the normal application logs. Here is an ex
</appender>
```

## 3. Configure log shipping
## 4. Configure log shipping

Example configuration selecting which logs go to secure logs

Expand Down Expand Up @@ -96,7 +102,7 @@ Example configuration selecting which logs go to secure logs
</configuration>
```

## 4. Use secure logs in application
## 5. Use secure logs in application

Using the Logback config below you can log to secure logs by writing Kotlin-code like this:

Expand Down