On Thu, Jun 7, 2018 at 2:20 PM, Tezarin <[email protected]> wrote:
> Hi all, > I have Guacamole running inside a docker container. We use Splunk for > managing the logs on all of our applications. Is there any way I could > forward the guacamole logs to Splunk? > As of right now, the only way I know to manage the logs is by running the > docker logs guacamole command. > > Thanks in advance First, which Guacamole logs are you talking about - server (guacd) or client (Tomcat + guacamole.war)? For guacd, these should already be logged via syslog (journalctl, etc.), so you should be able to pick those up via whatever mechanism Splunk can use to capture them. Kris mentioned the Splunk Log Driver for Docker, and presumably Splunk also is capable of intergrating directly with syslog. For Guacamole Client (Tomcat), you'll probably need to do a little more configuration to get the logs sent either to a stdout/stderr where they can be picked up by something like the Splunk Log Driver, or configure logback.xml (slf4j's logging configuration) to send to syslog and pick them up the same way you would the guacd logs, or anything else that logs either to the console or to syslog. -Nick
