GitHub user soreana created a discussion: Centralised logging via rsyslog
##### ISSUE TYPE * Feature Idea ##### COMPONENT NAME ~~~ Systemvm ~~~ ##### CLOUDSTACK VERSION ~~~ It can be merge to 4.14 ~~~ ##### CONFIGURATION <!-- Information about the configuration if relevant, e.g. basic network, advanced networking, etc. N/A otherwise --> ##### OS / ENVIRONMENT Used Ubuntu 18:04 as a host for management server and KVM Hypervisor. ##### SUMMARY Hello Cloudstack community. There is a systemvm remote logging feature proposal. It enabled administrator to access systemvm's log file through management server. I think it would be interesting for other as well. To better explaining my setup I depicted the configuration in below picture.  In this case rather than downloading log file manually from systemvms, they will be available automatically through management server. ### STEPS TO REPRODUCE Below are configuration files for hypervisor, management server and sytemvms. #### Hypervisors Below 4 lines have to uncommented in rsyslog configuration file on each hypervisor in `/etc/rsyslog.conf` ```Python module(load="imtcp") input(type="imtcp" port="514") module(load="imudp") input(type="imudp" port="514") ``` Adding below file on each hypervisor to export logs from hypervisor to management server. ```Java # cat /etc/rsyslog.d/00-fwd.conf if ($fromhost-ip startswith '169.') then { *.* @<Management Server IP>:514 stop } ``` #### Management Server Just like hypervisors, below 4 lines have to uncommented in rsyslog configuration file on management server in `/etc/rsyslog.conf` ```Python module(load="imtcp") input(type="imtcp" port="514") module(load="imudp") input(type="imudp" port="514") ``` Add below file on management server ```Java # cat /etc/rsyslog.d/00-remote.conf $template remote-incoming-logs,"/var/log/rsyslog/%HOSTNAME%/syslog" $template remote-incoming-logs-combined,"/var/log/rsyslog/remote" if ($fromhost-ip startswith '10.' or $fromhost-ip startswith '172.') then ?remote-incoming-logs if ($fromhost-ip startswith '10.' or $fromhost-ip startswith '172.') then ?remote-incoming-logs-combined & ~ ``` #### Systemvm `00-fwd.conf` file should add on each systemvm as well to export logs from systemvms to hypervisors. ```Java # cat /etc/rsyslog.d/00-fwd.conf *.* @169.254.0.1:514 ``` `49-cloud.conf` file should add on each systemvm. This file describes the logs that eventually sent to a management server ```Java # cat /etc/rsyslog.d/49-cloud.conf $InputFileName /var/log/cloud.log $InputFileTag cloud $InputFileStateFile stat-file1-cloud $InputFileSeverity info $InputFileFacility local7 $InputFilePollInterval 1 $InputFilePersistStateInterval 1 $InputRunFileMonitor ``` Need to uncomment below lines if they are commented in /etc/rsyslog.conf ```python $ModLoad imudp $UDPServerRun 3914 ``` ##### EXPECTED RESULTS ~~~ Management server store systemvm's logs in /var/log/rsyslog/<Systemvm's host name>/syslog ~~~ GitHub link: https://github.com/apache/cloudstack/discussions/9179 ---- This is an automatically sent email for users@cloudstack.apache.org. To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org
