Logging


Server Logging

  • Logging on SOWN uses syslog-ng to collect all the logs from the nodes and servers into a central location.
  • This central location is arranged as follows:
 Year/
   Month/
     dd-messages
  • dd-messages is a file containing messages from all servers and nodes (tar.gz) in time order, so you can see the traffic between the nodes and servers.
  • Example log line:
 Date:Time Source <Proc.MessageType> Message
 2009-11-14T01:15:34+00:00 node259 <kern.warning> kernel: wifi0: stuck beacon; resetting (bmiss count 11)
  • syslog-ng conf file on the collector:
 options {
         sync(0);
         log_fifo_size(8192);
  
         bad_hostname("gconfd");
 
         use_time_recvd(no);

         group(adm);
         create_dirs(yes);
         dir_group(adm);
         perm(0640);
         chain_hostnames(yes);
         stats(3600);
         use_fqdn(yes);
         use_dns(no);
         dns_cache(yes);
 };
 
 source s_local {
         file("/proc/kmsg" log_prefix("kernel: "));
         unix-stream("/dev/log");
         internal();
 };
 
 source s_sown{
         tcp(ip(10.13.0.253) port(5100) max-connections(128));
 };
 source s_sownpub{
         tcp(ip(152.78.189.83) port(5100) max-connections(128));
 };
 
 destination d_localMessages {
         file("/var/log/messages"
                 template("$ISODATE $HOST <$FACILITY.$PRIORITY> $MSG\n")
                 template_escape(no)
         );
 }; 
 destination d_archive {
         file("/home/log-archive/$R_YEAR/$R_MONTH/$R_DAY-messages"
                 template("$ISODATE $HOST <$FACILITY.$PRIORITY> $MSG\n")
                 template_escape(no)
         );
 };
 
 destination d_mailLog {
         file("/var/db/maillog/mail.log"
                 template("$ISODATE $HOST <$FACILITY.$PRIORITY> $MSG\n")
                 template_escape(no)
                 perm(0644)
                 dir_perm(0755)
         );
 };
 
 destination d_wifiDriverFixDetect {
         program("/usr/local/bin/wifiDriverFixDetect.sh"
                 template("$ISODATE $HOST <$FACILITY.$PRIORITY> $MSG\n")
                 template_escape(no)
         );
 };

Services

snmpd

The logging options for SNMP are configured in /etc/default/snmpd; the default options are:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

This logs to syslog at the default level of LOG_NOTICE.

LOG_NOTICE logs every connection. So as not to fill up disks with log files, we change it to LOG_WARNING. Below is an example of the spam it generates.

2009-11-08T07:31:08+00:00 auth <daemon.info> snmpd[4571]: Connection from UDP: [10.13.0.0]:39163

We replace -Lsd with -LSwd. Both -Ls and -LS send output to syslog; d selects the daemon facility, and w sets the priority threshold to warning.

SNMPDOPTS='-LSwd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'
TRAPDOPTS='-LSwd -p /var/run/snmptrapd.pid'
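
To find which sources a threshold change like this would quieten, the archived dd-messages lines can be parsed against the collector template and tallied per host and program for everything less severe than warning. This is an added example, not part of the SOWN configuration; the function names are illustrative and every sample line after the first two is constructed.

```python
import re
from collections import Counter

# Collector template from the page: "$ISODATE $HOST <$FACILITY.$PRIORITY> $MSG"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) <(?P<facility>\w+)\.(?P<priority>\w+)> (?P<msg>.*)$"
)
# Optional leading "program[pid]:" tag at the start of $MSG
TAG_RE = re.compile(r"^(?P<prog>[^\s:\[\]]+)(?:\[\d+\])?:")
# syslog severities, most severe first; list index == numeric severity
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the template."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m or m.group("priority") not in SEVERITIES:
        return None
    rec = m.groupdict()
    tag = TAG_RE.match(rec["msg"])
    rec["program"] = tag.group("prog") if tag else None
    rec["severity"] = SEVERITIES.index(rec["priority"])
    return rec

def below_warning(lines):
    """Count messages less severe than warning per (host, program)."""
    # Lines originate on remote hosts: non-matching input is counted, never interpreted.
    counts, unparsed = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["severity"] > SEVERITIES.index("warning"):
            counts[(rec["host"], rec["program"])] += 1
    return counts, unparsed

# The first two lines are the page's own examples; the rest are constructed samples.
SAMPLE = [
    "2009-11-14T01:15:34+00:00 node259 <kern.warning> kernel: wifi0: stuck beacon; resetting (bmiss count 11)",
    "2009-11-08T07:31:08+00:00 auth <daemon.info> snmpd[4571]: Connection from UDP: [10.13.0.0]:39163",
    "2009-11-08T07:31:09+00:00 auth <daemon.info> snmpd[4571]: Connection from UDP: [10.13.0.0]:39164",
    "2009-11-08T07:31:10+00:00 auth <daemon.notice> snmpd[4571]: Connection from UDP: [10.13.0.0]:39165",
    "not a templated line",
]

if __name__ == "__main__":
    counts, unparsed = below_warning(SAMPLE)
    print(counts.most_common(), "unparsed:", unparsed)
```

Because the destinations use template_escape(no), the message field reaches any consumer exactly as the sending host wrote it, which is why the parser rejects lines that do not match the template rather than guessing at them.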