Caddy Logs Outputting to RSysLog/Azure Log Analytics

1. Caddy version (caddy version): v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

a. System environment:

Ubuntu 18.04

b. Command:

sudo apt install caddy
caddy reload --config /mnt/caddyvmdata/Caddyfile

d. My complete Caddyfile or JSON config:

{
	on_demand_tls {
		ask https://myaskapi.com/CaddyServer/VerifyDomainName
		interval 5s
		burst 5
	}
}

https:// {
	log
	tls {
		on_demand
	}
	reverse_proxy myreverseproxy.com {
		header_up Host {upstream_hostport}
		header_up X-Forwarded-Host {host}
	}
}

:8080 {
    respond "I am alive!" 200
}

3. The problem I’m having:

We are running Caddy 2.4.6 in a Linux VMs and are trying to get the logs output into Azure Log Analytics via rsyslog. I have added the facilities for all log levels for syslog, user, local0 through local7. And confirmed this via /etc/rsyslog.d/95-omsagent.conf

So far I have been able to confirm that the logs are going to /var/log/syslog, but have not been able to get these showing in Log Analytics.

Is there something we are missing to get these running into say one of the local0-7 facilities?

Where the Caddy syslog record starts like

Feb 15 03:32:31 caddyvm-vm-dev-1 caddy[3158]: {"level":"info","ts":1644895951.5908177,"logger":"http.log.access","msg":"handled request","request":{"remote_addr"

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

Are you running Caddy as a systemd service? That’s not clear from your post (you didn’t fill out that section of the template).

Caddy emits its logs to stdout/stderr, and systemd passes those to the journal.

If you’re running it another way, then make sure you capture that output to log them where you need.

Hi Franics, yes it is running as a service

systemctl status caddy

● caddy.service - Caddy
   Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: active (running) (Result: exit-code) since Mon 2022-02-14 03:14:21 UTC; 1 day 17h ago
     Docs: https://caddyserver.com/docs/
 Main PID: 3131 (caddy)
    Tasks: 8 (limit: 447)
   CGroup: /system.slice/caddy.service
           └─3131 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
journalctl -u caddy --no-pager | less +G

Feb 15 15:39:56 caddyvm-vm-dev-0 caddy[3131]: {"level":"info","ts":1644939596.0619006,"logger":"http.log.access","msg":"handled request","request":{"remote_addr" [...]
Feb 15 20:06:08 caddyvm-vm-dev-0 caddy[3131]: {"level":"info","ts":1644955568.668636,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/config/","remote_addr":"[curl]","headers":{"Accept":["*/*"],"User-A
gent":["curl/7.58.0"]}}
cat /lib/systemd/system/caddy.service

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /mnt/caddyvmdata/Caddyfile
ExecReload=/usr/bin/caddy reload --config /mnt/caddyvmdata/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
SyslogFacility=local4
SyslogIdentifier=syslogazuremonitor


[Install]
WantedBy=multi-user.target

I have edited the --config paths and added SyslogFacility and SyslogIdentifier lines above, and it’s coming into Azure :ok_hand:

My question now, is there a way I can edit this while installing the service in a non-interactive manner? Currently that .sh script looks a bit like this

sudo apt update 
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https 
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo apt-key add - 
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
caddy version
caddy reload --config /mnt/caddyvmdata/Caddyfile

Don’t edit the service directly, set up overrides instead:

This topic was automatically closed after 30 days. New replies are no longer allowed.