Sending log messages to a Syslog Server

CloudStack logs are known for not being the easiest things to read, and when troubleshooting a difficult problem, anything which makes life a little easier is very welcome.

By offloading the Management Log to a Syslog Server, Filters and Tagging can be used to greatly simplify the process of reading the log files. In addition, depending on your choice of Syslog Server, alerting rules can be configured to inform you of any problems which the built-in alerting engine may ignore.

The steps required to set up a Syslog Server are in the CloudStack Knowledge Base, but are not very clear and appear to be out of date. By following these instructions, you should be able to get a Syslog Server up and running in a matter of minutes.

Using your favourite editor, edit the following file:

/etc/cloud/management/log4j-cloud.xml

Locate the section starting with:
<appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender">

The default settings will look something like this:

<appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender">
   <param name="Threshold" value="WARN"/>
   <param name="SyslogHost" value="localhost"/>
   <param name="Facility" value="LOCAL6"/>
   <layout class="org.apache.log4j.PatternLayout">
      <param name="ConversionPattern" value="%-5p [%c{3}] (%t:%x) %m%n"/>
   </layout>
</appender>

You need to update this section so that it looks like this, substituting the IP address of your Syslog Server for 192.168.0.254:

<appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender">
   <param name="SyslogHost" value="192.168.0.254"/>
   <param name="Facility" value="LOCAL0"/>
   <param name="FacilityPrinting" value="true"/>
   <param name="Threshold" value="DEBUG"/>
   <layout class="org.apache.log4j.EnhancedPatternLayout">
      <param name="ConversionPattern" value="%d{ISO8601} %-5p [%c{3}] (%t:%x) %m%n"/>
   </layout>
</appender>

Then find the section labelled "Setup the Root Category" and change <level value="INFO"/> to <level value="DEBUG"/>.

Restart the Cloud-Management Service with "service cloud-management restart" and then start monitoring your Syslog Server.

If you don't see any log messages on your syslog server, verify that you have properly configured your syslog server to receive packets over UDP. You may also need to set up a rule on your syslog server for log messages as defined by the "Facility" parameter above. Refer to the documentation of your syslog server for more information.
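
To check both points above (whether UDP packets arrive at all, and which facility your rule has to match), here is an added example that is not part of the original article or of CloudStack: a small Python listener that decodes the priority header of each syslog datagram. It assumes standard syslog numbering (PRI = facility * 8 + severity, so LOCAL0 at DEBUG arrives as <135>); the function names and the sample datagrams are constructed for illustration.

```python
"""Added example: decode syslog datagrams to confirm facility and severity."""
import re
import socket
import sys

# Standard syslog numbering (RFC 3164): PRI = facility * 8 + severity.
FACILITIES = {16 + n: f"LOCAL{n}" for n in range(8)}
FACILITIES.update({0: "KERN", 1: "USER", 3: "DAEMON", 4: "AUTH"})
SEVERITIES = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode(datagram: bytes):
    """Return (facility, severity, text), or None if the PRI header is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    text = datagram[m.end():].decode("utf-8", errors="replace").rstrip()
    return FACILITIES.get(facility, f"FACILITY{facility}"), SEVERITIES[severity], text

def matches_rule(datagram: bytes, expected_facility: str = "LOCAL0") -> bool:
    """True when the datagram would be caught by a rule on expected_facility."""
    decoded = decode(datagram)
    return decoded is not None and decoded[0] == expected_facility

def listen(bind_addr: str = "0.0.0.0", port: int = 514, expected: str = "LOCAL0"):
    """Print every datagram received with its decoded PRI (binding port 514 needs root)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (src, _) = sock.recvfrom(65535)
        decoded = decode(data)
        if decoded is None:
            print(f"{src}: no valid <PRI> header: {data[:60]!r}")
            continue
        fac, sev, text = decoded
        flag = "" if fac == expected else f"  [expected {expected}]"
        print(f"{src} {fac}.{sev}{flag} {text}")

# Constructed sample datagrams (not captured from a real management server).
SAMPLE_DEBUG = b"<135>2013-01-01 10:00:00,000 DEBUG [cloud.example] (main:) constructed message\n"
SAMPLE_WARN_LOCAL6 = b"<180>WARN  [cloud.example] (main:) constructed message\n"

if __name__ == "__main__":
    listen(port=int(sys.argv[1]) if len(sys.argv) > 1 else 514)
```

Stop the real syslog daemon first or pass an unused port as the first argument. If this listener prints nothing either, the packets are being dropped before they reach the host (firewall or wrong SyslogHost) rather than being filtered by a facility rule.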

 

About the Author

Geoff Higginbottom is CTO of ShapeBlue, the strategic cloud consultancy. Geoff spends most of his time designing private & public cloud infrastructures for telcos, ISPs and enterprises based on CloudStack.