Hi,
Icinga itself is a monitoring tool and depends on plugins feeding in data and states.
The SyslogLogger object you’ve found is an Icinga-specific log context, meaning to say, the daemon will log its lines to syslog with this feature enabled. This has nothing to do with general syslog monitoring.
I’m not sure why you’re using Docker here, especially since you’re saying that you’re new to both Icinga and Docker. Anyhow, you’ll need something which aggregates syslog and log files in a reasonable way.
You can do so with different methods:
- Actively grep the log files on hosts with check_logfiles
- Have centralized logging collectors such as Elastic Stack or Graylog, define rules and forward alerts to Icinga
- Or you use plugins to actively query ES or Graylog
Here’s a compiled list of plugins actively polling things: https://icinga.com/docs/icinga2/latest/doc/05-service-monitoring/#log-monitoring
Since you’re saying that you didn’t like Graylog, how about Elastic Stack then?
In combination with metrics, logs can be added to your monitoring analysis. I’d advise watching this talk from @bsheqa to get a better understanding of combining all of them:
Cheers,
Michael
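Added example, not part of the post above and not check_logfiles' own code: a minimal sketch of the first option, a plugin-style check that reads only the lines appended since its last run and maps the match count to a plugin state (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) with perfdata. The function name `check_log`, the seek-file path, the thresholds and the sample lines are assumptions made for illustration.

```python
import os, re, tempfile

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # exit codes of the plugin API
LABEL = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}

# Constructed sample syslog lines (not taken from a real system).
SAMPLE = (
    "Mar  3 10:00:01 web01 sshd[811]: Accepted publickey for deploy\n"
    "Mar  3 10:00:07 web01 sshd[902]: Failed password for invalid user admin\n"
    "Mar  3 10:00:09 web01 sshd[902]: Failed password for root | x=1\n"
)


def check_log(log_path, seek_path, pattern, warn=1, crit=5):
    """Scan lines appended since the last run; return (exit_code, output)."""
    try:
        size = os.path.getsize(log_path)
    except OSError as exc:
        return UNKNOWN, f"LOG UNKNOWN - {log_path}: {exc.strerror}"
    offset = 0
    if os.path.exists(seek_path):
        with open(seek_path) as fh:
            saved = fh.read().strip()
        offset = int(saved) if saved.isdigit() else 0
    if offset > size:  # log was rotated or truncated: start from the top
        offset = 0
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1  # consume complete lines only
    lines = data[:end].decode("utf-8", "replace").splitlines()
    hits = [ln for ln in lines if re.search(pattern, ln)]
    with open(seek_path, "w") as fh:
        fh.write(str(offset + end))
    n = len(hits)
    state = CRITICAL if n >= crit else WARNING if n >= warn else OK
    # Log text is untrusted: "|" would start the perfdata section early.
    last = f" (last: {hits[-1].replace('|', '/')})" if hits else ""
    return state, f"LOG {LABEL[state]} - {n} new matches{last} | matches={n};{warn};{crit}"


def demo():
    """Run the check twice over SAMPLE; the second run sees no new lines."""
    with tempfile.TemporaryDirectory() as tmp:
        log, seek = os.path.join(tmp, "auth.log"), os.path.join(tmp, "auth.seek")
        with open(log, "w") as fh:
            fh.write(SAMPLE)
        return [check_log(log, seek, r"Failed password") for _ in range(2)]
```

To run it as an actual check, print the returned output line and exit with the returned code; the seek file has to live somewhere the monitoring user can write and other local users cannot.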