I am working a strategy to consolidate NR logging to a remote log server. Figured I would ask about ideas for doing this. Here is what comes to mind, but chime in on other ideas or suggestions please.
Simple syslog splitting node-red logging to separate file, on local system, so /var/log/node-red.log, using logrotate to keep things neat.
Simple remote syslog server, splitting node-red logging to remote syslog system, so on remote syslog, /var/log/node-red/%hostname%.log as an example. Just takes custom rule in rsyslogd configuration. Using logrotate to keep things neat.
Logging to database? Maybe some day for now simple log text splitting sufficient.
I did not find any log facility control for NR? Is this a consideration for future feature? Would make for easy routing of logging. Or even adding a RSYSLOG server target in settings.js? But there are various ways to do this of course.
Of course you could write a custom logger routine that actually directs to a RSYSLOG receiver, has an one written a logger that sends data to RSYSLOG on a remote server?
For generating logging from flows sure. But this really about redirection of 'node-red-log' output to remote system. The custom logger example is close in concept, but sends to a different receiver than 'standard' rsyslog.
Been a while since looked at the rsyslog/syslog format needed, but I am sure a bit of javascript in the custom logger could mimic what rsyslog wants to see.
Providing I can get local syslog to forward logging or use a custome logger to send logging to the expected port and format, the following may work once established on the remote syslog server.
I have not tested it, but based on what I have done in the past it may. If you have Node-Red logging going to syslog by default, just redirect any thing 'Node-RED' tagged to the RSYSLOG server and split the logging based on source host name.
/etc/rsyslog.d# cat 40-nodered.conf
template (name="NODERED" type="string" string="/var/log/nodered/%hostname%.log")
if ($programname startswith 'Node-RED') then {
action (type="omfile" dynaFile="NODERED")
stop
}
You will need a logrotate entry to keep the logging trimmed over time. So:
/etc/logrotate.d# cat nodered
/var/log/nodered-install.log
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
}
/var/log/nodered/*.log
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
}
I added to the existing logrotate nodered error conf file that captures installation errors, so if that or this file is updated, my customization might be stepped on. But for testing this is ok. Creating a separate logrotate conf file might be prudent. :)
No for the tricky part... trying to get local (rsyslog to forward for us, and avoid having to write a custom logger under NR configuration. This is on each source server, that will be sending Node-RED matching log entries to the remove log system. The following is redacted from a typical local (source) rsyslog configuration:
# cat /etc/rsyslog.d/node-red.conf
:omusrmsg:template :omusrmsg:node_red, " %msg "
if ($programname startswith 'Node-RED') then {
@@<IP or FQDN>:<Port>:node_red
stop
}
LOL! Seems to be working... No more Node-RED references in local server /var/log/syslog file! And on the remote system logging server, /var/log/nodered directory has its first %hostname%.log file!
So, the high level steps are:
On each client/source/NR instance device, add an rsyslog conf file that directs 'Node-RED' matching message to a remote system logging device or server that is configured to receive rsyslog communication.
Add rsyslog conf file that has a rule that routes(*) 'Node-RED' tagged (programname) message to a /var/log/nodered/ directory where file name will be %hostname%.log.
(*) I need to check if the communication is UDP or TCP based. Not sure what the above is defaulting to, likely UDP only.
The above does not negate that a custom logger in NR setup that can communicate via UDP/TCP to the applicable remote logging server port, would be preferred, a more elegant if you will solution.
