Aggregate Stalwart logs #196
Description
Stalwart logs are currently stored in the systemd journal of the EC2 instances they run on. When an issue needs debugging and we need to access the logs to do that, it's a bit of a pain to log into all of the systems that could have produced the relevant events and find the thing you're looking for. This difficulty will scale with our systems' scale.
Additionally, there is little control around these logs. We are developing some logging guidelines to keep things safe and secure. We should design a logging solution around that and then apply it to this project.
Changes to this project should take the following form:
- Set journald options to reduce the retention period of Thundermail/Stalwart logs to 3 days in prod, 7 days in other environments.
- Build a compliant CloudWatch logging destination using the new tb_pulumi pattern.
- Install a fluent-bit configuration to extract these logs by following the unit's journal and forwarding the logs to the new destination.