Logging

This section covers the configuration of the logging service.

It is possible to configure the rate limiting that is applied to all messages generated on the system by changing rate limit interval and burst values.

vrouter running config# / system logging
vrouter running logging# rate-limit interval 20 burst 2000
vrouter running logging# commit

If, in the time interval defined by interval (in seconds), more messages than specified in burst are logged by a service, all further messages within the interval are dropped until the interval is over. A message about the number of dropped messages is generated. This rate limiting is applied per-service, so that two services which log do not interfere with each other’s limits.

Defaults to 10000 messages in 30s.

To turn off any kind of rate limiting, set either value to 0.

Let’s check the rate limit values have been applied properly:

vrouter running config# show state / system logging
logging
    rate-limit
        interval 20
        burst 2000
        ..
    disk-usage 6.1M
    ..

Note that disk-usage shows the sum of the file system usage of all archived and active journal files.

The same configuration can be made using this NETCONF XML configuration:

vrouter running config# show config xml absolute / system logging
<config xmlns="urn:6wind:vrouter">
  <system xmlns="urn:6wind:vrouter/system">
    <logging xmlns="urn:6wind:vrouter/logging">
      <rate-limit>
        <interval>20</interval>
        <burst>2000</burst>
      </rate-limit>
    </logging>
  </system>
</config>

See also

The command reference for details about the API, and the show-log command.

Remote Syslog Configuration

syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity level.

Here we explain how to setup remote logging to a distant server.

Client Configuration

The syslog client can be configured for sending log messages to remote servers:

vrouter running config# / vrf main logging syslog
vrouter running syslog#! remote-server 10.125.0.2 protocol tcp port 514
vrouter running syslog# commit

In this example, logs will be sent in TCP to remote server at address 10.125.0.2 and remote port 514 (which is the default).

To check the values have been applied in the system:

vrouter running config# show state / vrf main logging syslog
syslog
    enabled true
    remote-server 10.125.0.2
        protocol tcp
        port 514
        ..
    ..

The same configuration can be made using this NETCONF XML configuration:

vrouter running config# show config xml absolute / vrf main logging syslog
<config xmlns="urn:6wind:vrouter">
  <vrf>
    <name>main</name>
    <logging xmlns="urn:6wind:vrouter/logging">
      <syslog>
        <enabled>true</enabled>
        <remote-server>
          <host>10.125.0.2</host>
          <protocol>tcp</protocol>
          <port>514</port>
        </remote-server>
      </syslog>
    </logging>
  </vrf>
  <ha xmlns="urn:6wind:vrouter/ha"/>
</config>

Server Configuration

Here we provide an example configuration for the distant log server.

We assume the server is running Ubuntu 16.04 and that the rsyslog package is installed.

Open the rsyslog configuration file:

# vi /etc/rsyslog.conf

Find and uncomment the following lines to make your server to listen on the udp and tcp ports:

[...]
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
[...]
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
[...]

Create a template file where we will create a new custom log format under the /etc/rsyslog.d/ directory:

# vi /etc/rsyslog.d/tmpl.conf

Add the following lines:

$template TmplAuth, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"

authpriv.* ?TmplAuth
*.info;mail.none;authpriv.none;cron.none ?TmplMsg

Reload the rsyslog service:

# systemctl restart rsyslog

See also

The command reference for details about the API.