In general, the LogDNA Agent v1 works by monitoring changes in local log files (read-only access) and sending new lines to the designated ingestion endpoint.
These are the three primary reasons why LogDNA's agent requires root access:
- The agent listens to kernel-level file events to detect new lines in log files
- The agent monitors default log file paths, such as /var/log or /var/data
- Container-based frameworks, such as Kubernetes, also use these file paths
Kubernetes centralized logging (which writes all container logs to /var/log) recommends using a DaemonSet and node-level logging, which is exactly how we implemented the LogDNA agent.
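
To check how much of a log directory a non-root identity could actually read (the second reason above), the following added example, which is not LogDNA's code, evaluates classic Unix mode bits for a given UID and group list across a directory tree. The function names and the sample tree are constructed for illustration; POSIX ACLs and Linux capabilities are not modeled.

```python
import os
import stat
import tempfile

def allowed(st, uid, gids, want):
    """Mode-bit check for one identity; `want` is an rwx mask (4 = r, 5 = r-x)."""
    if uid == 0:
        return True  # root bypasses discretionary permission checks
    # Exactly one permission class applies: owner, then group, then other.
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def audit(root, uid, gids=()):
    """Return (readable, blocked) paths under `root` for the given identity.
    A directory the identity cannot list and traverse is reported, not descended."""
    readable, blocked, stack = [], [], [root]
    while stack:
        path = stack.pop()
        st = os.lstat(path)  # lstat: symlinks are skipped, never followed
        if stat.S_ISDIR(st.st_mode):
            if allowed(st, uid, gids, 0o5):
                stack.extend(os.path.join(path, n) for n in os.listdir(path))
            else:
                blocked.append(path)
        elif stat.S_ISREG(st.st_mode):
            (readable if allowed(st, uid, gids, 0o4) else blocked).append(path)
    return sorted(readable), sorted(blocked)

def build_sample():
    """Constructed tree with modes typical of a log directory (not real data)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "containers"))
    layout = {"syslog": 0o640, "app.log": 0o644,
              os.path.join("containers", "pod.log"): 0o644}
    for rel, mode in layout.items():
        full = os.path.join(root, rel)
        with open(full, "w") as fh:
            fh.write("constructed sample line\n")
        os.chmod(full, mode)
    os.chmod(os.path.join(root, "containers"), 0o700)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    sample = build_sample()
    for uid in (0, os.lstat(sample).st_uid + 1):  # root vs. an unrelated user
        print(uid, audit(sample, uid))
```

Pointing `audit` at `/var/log` with the UID an agent would run as, while running the script itself as root so every entry can be inspected, lists the files that identity would miss.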