Public | Automated Build

Last pushed: 9 months ago
Short Description
Short description is empty for this repo.
Full Description


Hello World

Fire up the stack and start an consumer.

$ docker-compose up -d
Creating dockerkafka_consul_1...
Creating dockerkafka_kafka_1...
$ docker exec -ti dockerkafka_kafka_1 bash
[root@kafka /]# /opt/kafka/bin/ --zookeeper localhost:2181 --topic syslog

Within a sceond terminal we now start a producer and start submitting messages.

$ docker exec -ti dockerkafka_kafka_1 bash
[root@kafka /]# /opt/kafka/bin/ --broker-list localhost:9092 --topic syslog
[2015-07-30 15:54:53,682] WARN Property topic is not valid (kafka.utils.VerifiableProperties)
Hello World

Et voila, the consumer prints the very same messages... :)

[root@kafka /]# /opt/kafka/bin/ --zookeeper localhost:2181 --topic syslog
Hello World


Rsyslog is forwarding it's messages as well, therefore you could just submit a log via logger.

[root@kafka /]# logger Test123
[root@kafka /]#  /opt/kafka/bin/ --zookeeper localhost:2181 --topic syslog --from-begin
2015-07-30T17:52:22.716437+02:00 kafka logger: Test123

Kafka syslog-ng

The syslog-ng-kafka plugin does not work for me currently. syslog-ng segfaults when kafka is enabled. :(

[root@kafka /]# cat /etc/syslog-ng/syslog-ng.conf

# syslog-ng configuration file.
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);

source s_sys {
    file ("/proc/kmsg" program_override("kernel") flags(kernel));
    unix-dgram ("/dev/log");
    udp(ip( port(514));
    tcp(ip( port(514));

# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

The kafka config:

[root@kafka /]# cat /etc/syslog-ng/conf.d/kafka.conf
destination d_kafka {
  channel {
    rewrite {
      set("${HOST}"    value(""));
      set("1"          value(".eventv1.@version"));
      set("${ISODATE}" value(".eventv1.@timestamp") condition("${.eventv1.@timestamp}" eq ""));
      set("${MESSAGE}" value(".eventv1.message")    condition("${.eventv1.message}" eq ""));
      set("${MSG}"     value(".eventv1.message")    condition("${.eventv1.message}" eq ""));
      set("generic"    value(".eventv1.type")       condition("${.eventv1.type}" eq ""));
    destination {
            payload("$(format-json --key .eventv1.* --rekey .eventv1.* --shift 9)"));

log {

Give it a spin...

# syslog-ng --foreground
[2015-07-30T15:59:15.640661] WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode Please update it to use the syslog-ng 3.6 format at your time of convinience, compatibility mode can operate less efficiently in some cases. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file.;
Segmentation fault

The WARNING derives from the version statement of syslog-ng.conf, but maybe there is something wrong with it as well...

Docker Pull Command
Source Repository