Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenTelemetry support #5685

Open
knp-sap opened this issue Dec 6, 2024 · 2 comments
Open

OpenTelemetry support #5685

knp-sap opened this issue Dec 6, 2024 · 2 comments
Assignees
@MarcosDY
Labels
triage/in-progress Issue triage is in progress

Comments

@knp-sap
Copy link

knp-sap commented Dec 6, 2024

As an operator, I would like to be able to ingest the SPIRE Server's audit logs via OpenTelemetry.

  • Subsystem: server
@rturner3 rturner3 added the triage/in-progress Issue triage is in progress label Dec 10, 2024
@rturner3
Copy link
Collaborator

@knp-sap Just to clarify, is there something that is blocking a SPIRE user from ingesting SPIRE audit logs with an OpenTelemetry log collector?

There are some open questions in my mind:

  • What changes would need to go into SPIRE to support OpenTelemetry? Does this need to be done in SPIRE code or can it be solved with a separate log scraper that enriches/reformats SPIRE logs to match the required format?
  • Are logs sent synchronously and asynchronously using OpenTelemetry? Trying to understand the potential performance impact of SPIRE.
  • Would adding support for some custom log fields also solve this problem?

@knp-sap
Copy link
Author

knp-sap commented Dec 11, 2024

is there something that is blocking a SPIRE user from ingesting SPIRE audit logs with an OpenTelemetry log collector?

No, a user can leverage the File Log Receiver to collect the logs. Unfortunately, this is not accepted in my organization due to compliance reasons (e.g., container logs not being up to the standard of audit logs).

What changes would need to go into SPIRE to support OpenTelemetry? Does this need to be done in SPIRE code ... ?

The SPIRE code needs to be changed.

An MVP for the audit logs could be:

  • Implementing a custom logrus hook that sends the logs via HTTP or gRPC.
  • SPIRE users being able to configure the target that receives the audit logs.

A proper implementation would be to actually use the OpenTelemetry APIs and SDKs (https://opentelemetry.io/docs/languages/go/getting-started/).

... can it be solved with a separate log scraper that enriches/reformats SPIRE logs to match the required format?

I wouldn't say it's about the format of the SPIRE Server's audit logs.

Are logs sent synchronously and asynchronously using OpenTelemetry? Trying to understand the potential performance impact of SPIRE.

It depends on the implementation, but an asynchronous setup should be possible.

Would adding support for some custom log fields also solve this problem?

No.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MarcosDY MarcosDY

Labels
triage/in-progress Issue triage is in progress
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MarcosDY @rturner3 @knp-sap