Hi everyone.
We are preparing a small setup that will run 4 or 5 virtual machines on one host and we want to have one of them fully dedicated to logging. We will likely also be running a splunk server for data analysis on that machine.
Our initial root was to have VM syslog writing to UDP or TCP port on the logging machine but we are considering a different and cleaner (we think) way which I am not sure if it could have any issues we are not considering:
VM machines will have /var/log virtually mounted to a log partition on the host machine... ie:
mount -n --bind /log_partition/vmXXX ${VE_ROOT}/var/log
That partition will then be made available on the logging VM as a read only:
mount -n -r --bind /log_partition ${VE_ROOT}/logs_from_vm
So it can have access to all VM logs.
We understand this has a limitation to 1 only server, but it also removes all logs from our VM so our daily snapshots will become smaller and never contain any logging.
Could we have some issues we are not considering due to the fact of /var/log/ on the VM machines not being a "real" local partition but a binded one?
Many thanks.
We are preparing a small setup that will run 4 or 5 virtual machines on one host and we want to have one of them fully dedicated to logging. We will likely also be running a splunk server for data analysis on that machine.
Our initial root was to have VM syslog writing to UDP or TCP port on the logging machine but we are considering a different and cleaner (we think) way which I am not sure if it could have any issues we are not considering:
VM machines will have /var/log virtually mounted to a log partition on the host machine... ie:
mount -n --bind /log_partition/vmXXX ${VE_ROOT}/var/log
That partition will then be made available on the logging VM as a read only:
mount -n -r --bind /log_partition ${VE_ROOT}/logs_from_vm
So it can have access to all VM logs.
We understand this has a limitation to 1 only server, but it also removes all logs from our VM so our daily snapshots will become smaller and never contain any logging.
Could we have some issues we are not considering due to the fact of /var/log/ on the VM machines not being a "real" local partition but a binded one?
Many thanks.