OK, nerd talk: What's your favorite logging system? (would this ever come up in a normal conversation???)

These guides are insane. No one goes to the detail that you do. You explain why and how commands and config files work rather that just reading them. Love your channel!

"Make sure you're in a directory... I dont know where else you'd be..." Made me laugh so hard xD

Great tutorial! One thing to note if you want to log specific docker containers you don't need to install promtail or change the deamon file. Just need the docker plugin for Loki and extra configuration in docker-compose for your specific containers that should use dedicated Loki logging driver.

I've watched so many deployment videos trying to get a better all around understanding on all the NMS out there, what they can do, how they operate under the hood, etc. This by far is the absolute best I have seen and definitely earned you a sub. Most deployment videos tend to be quite dry, very un-explainative, and usually feel like a 'just do this real quick and it works' video. Thank you!!!

Fantastic tutorial... everything explained really well, and worked perfectly.. great way to get up and running with Loki / Promtail / Grafana quickly!!

Yo bro, I like your video and the way explained every single bit and steps are just beyond awesome. Thanks for this quality content. God bless you my friend.

IDK may be I am wrong fix me if so. The man talks as if he is talking inside my brain. Awesome job

Thanks! This was informative! It's worth mentioning that Promtail is not required if you are setting Loki as the Docker daemon default logging driver

Thanks man! This is just so much easier and less troublesome then configuring a proper ELK stack.

Been using Loki for over 2 years for work and play. Even out performed some enterprise level logging we tried too!

Hi Tim, you look like the kind of guy to keep (their system) up to date, but for those that may not know, there was a high-severity, zero-day vulnerability for Grafana a few days ago that enabled remote access to local files. Anybody that could access the site could access any file on the system, like for instance /etc/passwd. There are proof-of-concepts publicly available so it takes hardly any skill for script kiddies to start scanning. Grafana released a fix right away. If you have not already, install the latest versions / patches!

We went ahead and added Grafana and Loki to our TrueNAS SCALE Apps as well :) Took some work, but well worth it ^^

Excellent! I am a long time user of Grafana and do a lot with it, but now the job is to manage the logs: here we are! Loki is the tool we want to deploy. Thanks a lot for your video, brillant, will be very helpful!

5 min in and I can already tell your my new favorite tech guide guy. The detail is really welcome!

This was a lengthy but worth every second. Managed to get this up and running and Im happy but I would love a guide on getting syslog integrated

Before watching this video I was thinking to myself I wish Tim had a grafana tutorial.

Please make a video for Tempo as well! Then we can see how you monitor logs, traces and metrics using grafana and setting alerts! That would be cool!

Now, because of you, I want it ! Thanks for the great work.

thank you for validating my use of nano. we are nano brothers, brother.

Remap Caps Lock to Ctrl if your control key is broken! Easier to reach, I do this by default. Great tutorial.

Your documentation (as far as copy & pasting goes) does not work anymore. Docker containers will not be able to find directories, or run without root, and will be stuck in a restart loop.

Can this be used in a closed source commercial product? The AGPL license is concerning. Even though no changes are made to the source code, and it would only be used for internal purposes, section 13 of the license is concerning. The software is a web application, so it would be accessible over a network, and while logs would obviously not be shown to end users, and technically aren't even necessary for the application to work, they are necessary for development and debugging.. Can't figure out whether it can be used in my company or not

I swear software is annoying. If you look at the official docs to install this thing using docker-compose there's no mention of most of what Tim talks about. "Creake a loki folder and run this wget. Done." And if you look at the yaml file from the repo it's completely different than Tim's. If software developers knew how to communicate they'd be dangerous.

Thanx a lot. Something that would be cool is to have a guide howto setup loki,mimir,tempo with grafana and prometheus in k8. Thanks!

This is great and timely! Awesome vid! You make logging look fun! Gonna try it out right now!

I was waiting for this video. Very well explained as always, thanks Tim ! To take a quick glance at my docker logs, i like to use Dozzle, a very small and straight to the point tool, but it does the job

Thanks!

Hi! Before all, amazing video!! But, I'm having an issue when I try to do the first query, I see "No logs volume available". I already checked /ready and /metrics and looks good. Do you know which can be the problem? Thanks a lot

Awesome video @TechnoTim . Around the 15:24 mark, he was talking about how you would usually check Docker logs then scrolled down his container names, how did he do that? I'm assuming it is a particular shell, maybe? Anyone knows?

Is there a GitHub repository showing the various configuration files? That would be helpful.

Awesome video, Tim! Could you share your dashboard config from 0:47? It looks like exactly what I need.

Hey Tim, great content as per usual!! I just saw your video and been struggling to set up logging from a firewall with this especially since promtail will be deprecated next year and they are switching to alloy. I wanted to know what are you using today in 2024 and if your still use this setup, have you migrated to alloy instead ?

Just found your channel. I freaking LOVE these deep dives. Thank you so much for your hard work and insights!

Great video, I have a question about the promtail adding docker section. when you set up the docker loki driver, the daemon config was sending logs directly to loki so I am not sure what the promtail configuration actually did in this setup. Additionally, the promtail config was set to push from /var/lib/containers.... but this would have ben for the folder within the container of promtail only and not host. Have I missunderstood something?

Hi , may I know how to add the prometheus , snmp exporter also include in the docker? My purpose is monitor linux system, windows system , and network deivce e.g Cisco switch , FortiGate firewall . Thank you

Thank you for the demo. I really appreciate it. I am in the process of setting up a syslog server.

Hi friends, Note : logs are from ubuntu server.... I'm looking for a log retention for 3 months in grafana loki .... How can we extend the retention period from the default 30 days to 90 days ??

I seem to be missing something with the syslog portion. I set it up with the listening ports. I then went into one of my network devices and pointed it to loki on port 1514. Now what? I don't see anything in grafana indicating that any syslogs are coming in. I must be missing something really basic.

Awesome tutorial Tim, as usual you nailed thank you for your hard work.

you can use ./bla (relative path) for binding volume

The docker loki plugin had a serious problem, so it was not an option for production use. I don´ t know if this issue has been solved. The last time I was reading through the related issues the developers said, that they might not be able to provide a solution anytime soon. Let me describe: If your container host has high IO load and/or the loki server is not reachable for some reason the whole docker daemon hang up, because it wasn´t able to write the logs. The worst possible situation is when shutting down multiple containers. It wasn´ t possible to define some timeout. It was required to kill the daemon process and remove the container files (/var/lib/docker/containers) the daemon normally manages. I never used the plugin again. I´m happy with configuring the log property of a container and have promtail to scrape this. The result is the same, but without the possibility of a blocked daemon.

Hi , I tried to extract logs from mssql server using promtail , loki grafana I window environment, logs are coming to grafana dashboard. Problem here is in logs words are displaying as I n s t a n c e instead of instance. Can you please help with solution to resolve my issue.

Thanks for the demo and info, have a great day

I would like to reach a position where my ctrl and enter breaks. How can I do it?

Stupid question, what do you use for SIEM solution in this setup, LOKI is not one or do they plan on it as per github. What would you forward logs to? Graylog or ELK?

Messing with influxdb but will check out Loki next. Wondering how Loki performs with TBs of logs without switching to cloud storage. Thanks for the video!

Thank you for your video. I enjoyed it very much and I know what I will do when I have some more free time around christmas this year.

Thank you for the video. Helped a lot!

Hello, I have LXC containers (15) with dockers running inside, have you found a way to monitor them without installing the agent on all of them?

Great video. Thanks for putting this info out. I will use it to monitor my home network. QQ on syslog, once I place the configuration in the yaml file, I dnt need to use something like rsyslog on a server to listen to the syslog and forward it to promtail? I can send the my syslog directly to promtail container on port 1514?

Thank you so much for the knowledgeable session

I got this working well for standard logs . I'm curious if I can send other logs, like from ansible pull or from application that I write, to promtail as well. Google wasn't useful for answering this question, so maybe I'll hit up reddit and Grafana forums.

Unfortunately, I found that the syslog functions do not work with my firewall (SonicWALL) and promtail. Looking at some dashboards on Grafana related to SonicWALL it says something about setting up rsyslog in front of promtail to get it to work.

let me ask 1 question Loki is possible to connect with old container logs after using docker plugin

Great presentation of some solid content! Thanks for sharing!

I want to send only Error Logs and need to define that in promtail configuration file , so i do not need to send all logs to loki before sending logs it will filtered and send only error logs that is required , pls help ???

You know it's like really simple to develop plugins for Grafana? In my recent job we had to develop some very custom dashboards on the data we were collecting and it turns out Grafana has this whole eco-system to develop not only panel plugins, or data source plugins, but even app plugins, which integrate directly into the Grafana UI. It's really nice, since you get all user management and auto-reloading of data mechanisms for free :) And when I say easy, I mean really hard if you don't know it's basically React (and I didn't know React). But once you figure it out, it's easy.

I also used 24:24 and its really awesome, but now there's issue i could not fix, in kubernetes 1.22.x chart is deprecated and solution is to update clusterrole to /v1 from /v1beta1 but no idea in helm how to?

Thank you for your great work, i think i have nearly a copy of your homelab in my home

New monitoring: error and alert monitoring: CheckMK performance monitoring: Prometheus + Grafana log monitoring: Loki + Grafana status monitoring: uptime kuma

Good day i got this error when install plugin docker plugin enable loki Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/etc/resolv.conf" to rootfs at "/etc/resolv.conf": stat /etc/resolv.conf: no such file or directory: unknown ls -l /etc/resolv.conf lrwxrwxrwx 1 root root 32 Dec 26 16:15 /etc/resolv.conf -> /run/systemd/resolve/resolv.conf

Can this be done in a VM? I really don't have the time to learn about docker, containers. Thanks.

for the syslog, see if you can point the logs towards a dummy ip address. this way if someone gets into you system, they won't be able to find and mess with the logging server

Wondering if we need same driver while setting up the loki, promtail logging system in my k8s cluster ? Please suggest, thanks. I am trying to set this logging system for my cluster but having some hard time to understand how to write the scrape config to get logs from all pods in the namespace :(

Gratefull i found this channel, thanks sir. Greeting from indonesia

1. Is Loki-Promtail stack suitable for aggregating and shipping logs that are generated at microsecond level?. 2. When logs are available in multiple files, promtail ships the logs in round robin fashion, spoiling the order of the logs. (Let's say logs generated through rolling file appender fashion). Any comments will be helpful.

Hi Tim thanks for all the good stuff you create! I really would like to log actions on my kids' windows 10 computers (they're 8 yo). Just "items" like which program has been started and on google & youtube what was being queried/returned/displayed... Do you have an idea how to achieve that?

Thanks for this tuto. :) I get a lot of value from it :D

Great video! I installed grafana, prometheus, loki and promtail on my Proxmox host and I am really liking it. One question: is there an easy way to get promtail to get logs from my Proxmox LXC containers and VMs? Or do I need to install promtail into each LXC/VM in order to get the logs into loki?

Loki is great, very versatile. Be warned tho if you have limited storage space the loki database can grow in size quick! Edit: loki doesn't trim old logs by default.. I only keep logs up to two weeks old. Huge data saver!

Hi, great video. Inspired me to try Loki in my k3s system for my app. I have an issue though. I cannot query logs that are older than 1 hour (no data is returned). Do you potentially know what could be the cause of that, which configuration, because I spend a couple of hours and cannot find the solution.

You can't start logging this professional now dude, I stayed hidden so far from you but now it's impossible 🤣 You have so many docker tutorials and you're actuality running them in your house that... I have to... I hereby declare you the docker King of KZbin!

Is there a video on how to set up the dashboard?

Hey, Thanks for providing docker-compose grafana loki setup. Could you please kubernats (using kind) grafana loki yml if possible(for capturing the ISTIO logs)

Hi Techno Tim, Docker compose does not work. Services are not exposed... I get a 404 page not found at port 3100 the port 3000 is not exposed at all... What do i have to do now?

this tutorial was awesome, appreciate you!

Hey Tim, Love the video great job, How would this apply to the Raspberry Pi/Orange Pi/Rock Pi? Thanks for your hard work. Can it be installed on RPi 4 or the others I mentioned above?

Hi, I am setting up Grafana, Loki, and Promtail for an upcoming project, and I am using syslog-ng to receive logs from external devices. Can you create a video tutorial on using syslog-ng with Grafana Loki?

You are my inspiration!! Great job!!

Thanks for this. Question if use docker on a macOS system should I edit the daemon.json in the ~/.docker dir instead of creating one on /etc/docker ? /etc/docker does not exist on my system. Thanks.

i usually do Elasticsearch, i know its heavy in use and maintenance but also plugs into other things like my wiki so its great. Loki does look promising tho.

@Techno Tim, can we see more than a month old log along with a description(full stack trace) through Grafana Loki. Would this be an efficient tool for maintaining too old logs in application's Eco system.

Would you deploy Loki in Kubernetes and use it only for that or would you send logs from other hosts to it as well?

Hi, I wan't to setup promtail to get all syslog from my mikrotik routers. they send it over udp. If I'm right I have to setup a rsyslog forwarder. Can you explain how to do this?

What plugin causes the yellow, green, and purple stripes in Tim's text editor to show which indent he's at? Time code 4:00 as a reference.

If I got 500gGB logs in HDD as syslog.logs (txt) , what is better to use: loki + graphana or collect these logs in elasticsearch (graylog) ? As I know elasticsearch not very good with HDD...

Hey Tim - great information in your videos! Through lots of tinkering, I've managed to get k3s, cert-manager, rancher, traefik with tls certs up and running under Proxmox (I backed up my whole server, reformatted with Proxmox, created a VM and restored the server which runs 35+ containers in docker for my homelab). I want to get Grafana Loki but also want the prometheus and alerting too from your monitoring video. It looks like installing monitoring via the marketplace gets charts etc but do you just add loki rather than the loki stack? Adding loki stack seems to add things but there were no charts by default installed. Again, thanks for your awesome work. Your homelab machinery is sweet!

Great video, just set it up. One question though: Retention, what are the limits, and where can you set them to stop it taking up all the space on my host?!

how to deal with security in this case? if you have multiple servers from different locations or multiple docker hosts?

Hi Tim Great video. I got the local logs working fine but when trying to get the logs from my docker containers its not working. Could you please point me in the right direction to check for any logs as to where it could be failing ? Thanks

Hey Tim, great tutorial, I had decided on Loki already. Still, I have an issue with how to set up log retention using my Digitalocean space as external storage support, so I'm wondering if you got anything to share on that..?

Very Nicely Explained, keep it up.

Hi , i would like to say thank you !

Hi Tim, I tried your settings for Docker Loki plugin. After configuring and restarting docker still use Jason as log format. Do you have some tipps for me?

It looks promising but what about the syslog listener. Can you specify if it should listen for UDP or TCP? Some of the applications that we have can not do either UDP or TCP, so we have to have individual inputs in graylog for them. Also, if its a major hasle to get readable syslogs from some servers, then I wonder how much time i would have to spend to set this up for all our types of serves/applications

Is there any reason why you do a touch followed by a nano edit? Couldn't you simply nano into a new file and save one bash line?

Great tutorial!!! Is is difficult to get logs out of loki without Granfana Dashboard.

Pfff ...this is great!! 😀 Thx man! Will definitely have a play with this! ✌️

Hello @techno tim, how do i send syslogs (udp 514) to the promtail container (tcp 1514)