Currently, there is no centralized logging package installed (e.g., rsyslog, syslog-ng). What do you use for this? And I think this will not be possible on toolbox and I don’t want to add new layer using rpm-ostree.
My use case is for host security like (sshd, sudo calls, custom firewall logging).
I wan’t to run it like daemon without allocated tty more of like a systemd process. Ah yes fluentbit, I’ve tried it earlier but its unable to output the SSHD logs inside, it only outputs user journald logs. I am still trying to figure the config out for that.
Found the solution as the journald gets ingested in fluent it renames the _SYSTEMD_UNIT to different session names so best is to debug it using a busybox or any container that has bash access. For sshd I used _COMM=sshd.
Fluentbit absolutely can be ran as a service. I test it by running the command and when the output looks right, add it to the /etc/fluentbit config. The fluentbit docs give examples for both CLI and conf file syntax. If you really want to use a container instead of the native packaged fluentbit in Fedora (via rpm-ostree install fluent-bit), then you can use podman generate systemd to generate the systemd service for it as a podman container.
I have used quadlet instead of the generate systemd as that one is already, I think deprecated. Instead of going for fluent-bit I did go for timberio/datadog vector as log collector. As this also collects metrics.