This article covers the requirements for ingesting Bitbucket logs and the steps to forward Bitbucket logs to the Syslog server. It also explains how to install Docker Engine and the forwarder.
Requirements
- Bitbucket Account.
- Access to the device where Bitbucket Server is installed.
Forwarding Bitbucket Logs to the Syslog Server
- Log in to the Bitbucket Server.
- Go to <BITBUCKET SERVER INSTALLATION-DIRECTORY>/app/WEB-INF/classes/logback.xml (for Bitbucket versions before 7.0) or <BITBUCKET SERVER INSTALLATION-DIRECTORY>/app/WEB-INF/classes/logback-spring.xml (for versions after Bitbucket 7.0).
- Add the following configuration to the file. Provide the syslog host and port.
<appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
  <syslogHost>(forwarderIP)</syslogHost>
  <!-- facility must be a syslog facility name that logback accepts, e.g. LOCAL0 -->
  <facility>(information)</facility>
  <port>(forwarder port)</port>
  <suffixPattern>[%thread] %logger %msg</suffixPattern>
</appender>
<!-- Do not set levels here, only add appenders -->
<root>
  <appender-ref ref="bitbucket.application"/>
  <appender-ref ref="SYSLOG"/>
</root>
<!-- Enable Atlassian Profiling and direct it to its own separate appender -->
<logger name="com.atlassian.util.profiling" level="DEBUG" additivity="false">
  <appender-ref ref="bitbucket.profiler"/>
</logger>
<!-- Enable access logs and direct it to its own separate appender -->
<logger name="bitbucket.access-log" level="INFO" additivity="false">
  <appender-ref ref="bitbucket.accesslog"/>
  <appender-ref ref="SYSLOG"/>
</logger>
<!-- Enable alert logs and direct it to its own separate appender -->
<logger name="bitbucket.alert-log" level="INFO" additivity="false">
  <appender-ref ref="bitbucket.alertlog"/>
</logger>
<!-- Enable mail logs and direct it to its own separate appender -->
<logger name="bitbucket.mail-log" level="INFO" additivity="false">
  <appender-ref ref="bitbucket.maillog"/>
</logger>
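A pre-flight check for the appender above, as an added example that is not part of the original article or of any vendor tooling: it flags placeholders left unfilled, a port that is not a valid number, and a facility value that logback's SyslogAppender does not accept (it expects a syslog facility name such as LOCAL0, not a log level). The function names and the sample file are constructed for illustration, and the sed-based extraction assumes one element per line, as in the snippet above.

```shell
#!/bin/sh
# Facility names logback's SyslogAppender accepts (case-insensitive).
FACILITIES="KERN USER MAIL DAEMON AUTH SYSLOG LPR NEWS UUCP CRON AUTHPRIV FTP
NTP AUDIT ALERT CLOCK LOCAL0 LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7"

# Print the text of the first <tag>value</tag> in file $2 (one element per line).
xml_value() {
    sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" "$2" | head -n 1
}

# Print one line per problem; return code = number of problems (0 = usable).
check_syslog_appender() {
    file=$1; problems=0
    host=$(xml_value syslogHost "$file")
    port=$(xml_value port "$file")
    facility=$(xml_value facility "$file" | tr '[:lower:]' '[:upper:]')
    case $host in
        ''|*'('*|*' '*) echo "syslogHost missing or still a placeholder: '$host'"
                        problems=$((problems + 1));;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "port is not a valid number: '$port'"
                             problems=$((problems + 1));;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
               echo "port out of range: $port"; problems=$((problems + 1))
           fi;;
    esac
    known=no
    for f in $FACILITIES; do
        if [ "$f" = "$facility" ]; then known=yes; fi
    done
    [ "$known" = yes ] || { echo "not a syslog facility: '$facility'"; problems=$((problems + 1)); }
    grep -q '<appender-ref ref="SYSLOG"' "$file" ||
        { echo 'nothing references the SYSLOG appender'; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: the appender with its placeholders left unfilled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
<syslogHost>(forwarderIP)</syslogHost>
<facility>(information)</facility>
<port>(forwarder port)</port>
</appender>
<root><appender-ref ref="SYSLOG"/></root>
EOF
check_syslog_appender "$sample" || echo "fix the items above, then re-run the check"
rm -f "$sample"
```

To check a real file, call check_syslog_appender with the path to logback.xml or logback-spring.xml in place of the sample.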
Install Docker Engine
Update the apt package index and install the latest version of Docker Engine and containerd, or go to the next step to install a specific version:
# apt-get update
# apt-get install docker.io
Docker is successfully installed.
Install Forwarder
Step 1: Download and transfer the forwarder configuration file (config) that NetEnrich provides.
- Connect to your Linux forwarder via terminal.
- Change to the home directory of the new user that will run the Docker container.
- Create a new directory to store the Chronicle forwarder configuration files:
# mkdir ~/config
- Navigate to the config directory.
- Move the provided file “Config” into the ~/config directory.
Note – The config file will be provided by NetEnrich.
If you are unable to move the file into that folder, follow the steps below.
- From the config directory, open the file in vi:
# vi nfr1_fwdr.conf
- Save the file using the command “:wq!”.
Step 2: After saving the file, execute the commands below.
Obtain the latest Docker image from Google Cloud:
# docker pull gcr.io/chronicle-container/cf_production_stable
Start Chronicle forwarder from the Docker container, replacing <example cfps> with the name to give the container (for example, cfps):
# docker run --detach --name <example cfps> --restart=always --log-opt max-size=100m --log-opt max-file=10 --net=host -v ~/config:/opt/chronicle/external gcr.io/chronicle-container/cf_production_stable
The Docker container (and Chronicle forwarder) persist after system reboots.
Step 3: Monitor and manage the forwarder
The following Docker commands help you monitor and manage Chronicle Forwarder:
- Check if the Docker container is running:
# docker ps
- Display the logs from the container. Note that this can generate a substantial volume of output, but is useful for debugging:
# docker logs <container name provided in the step above>
Note: The steps mentioned above were created from research.