Note: Please go to docs.rightscale.com to access the current RightScale documentation set. Also, feel free to Chat with us!
Home > ServerTemplates > v13.5 LTS > ST > Logging with rsyslog (v13.5 LTS) > Logging with rsyslog (v13.5 LTS) - Tutorial

Logging with rsyslog (v13.5 LTS) - Tutorial

 

Table of Contents    

Long Term Support

Stable, tested ServerTemplate assets

   ►  Tutorial

Objective

To launch a dedicated (rsyslog) logging server that can be used as a central logging destination for (client) servers across one or more deployments.

Prerequisites

The following are prerequisites for completing this tutorial:

  • Required user roles: library, actor, server_login, security_manager

Overview

The rsyslog ServerTemplate is useful for testing and development purposes. Launch a server that will become a central logging destination for collecting and viewing all logging data across all client servers. However, it is not designed for use in production environments because it currently does not support the use of volumes or continuous backups of log data. Log data is stored on the server's local ephemeral drive. If log data must persist after the logging server is terminated, you should consider using a third-party logging service or application such as Loggly or Splunk.

Steps

Create a Credential

A secure stunnel connection is established by using an SSL certificate and key for authentication purposes. Create a credential that contains both the SSL certificate and key.

See Create a New Credential. The value of the credential should look similar to the following example screenshot. (Click image to view full-sized version.)

screen-LOGGING_SSL_CRED_v1.png

Both the rsyslog server and its client servers will use the same credential for the SSL Certificate input.

Create a Security Group

If you are launching the rsyslog server in a cloud infrastructure that uses security groups for networking firewall permissions (e.g. Amazon EC2 or CloudStack), you must create a security group that is configured to accept logging data from its client servers.

  • Open port 514 (syslog) to any IP address over the UDP (default) protocol.


See Create a New EC2 Security Group. (Requires 'security_manager' user role privileges.)

Create an Assignable IP Address

If you are launching the rsyslog server in a cloud infrastructure that supports assignable (remappable) IP addresses, it's strongly recommended that you assign one to the rsyslog server so that you will not have to update a DNS record after each time the logging server is launched/relaunched.

See Create Elastic IPs (EIP).

Create a Deployment

Although you can set up an rsyslog server to service a single deployment, you may find it more useful to have a single logging server to service all client servers across all deployments. Therefore, it's recommended that you create a separate deployment specifically for launching the rsyslog server and name it accordingly. (e.g. Logging)

See Create a New Deployment.

Add a Server

  1. Go to the MultiCloud Marketplace (Design MultiCloud Marketplace > ServerTemplates) and import the most recently published revision of the following ServerTemplate into the RightScale account.
  2. Click the ServerTemplate's Add Server button and add a server to the deployment you just created. Under the "Server Details" section of the wizard, be sure to select the previously created security group and assignable IP address (if applicable). See Add Server Assistant for details.

Configure the Inputs

  1. Set the following inputs at the deployment level.


LOGGING

Input Name Description Example Value
SSL Certificate

Specify the SSL Certificate to enable authentication with stunnel. Select the credential that contains this sensitive information. It must contain both the SSL certificate and key.

Note: The same credential should be used by both the syslog server and its clients.

cred: LOGGING_SSL_CRED
Logging Protocol

The IP protocol used to send logging messages from clients to the logging server. Clients will send their log data to the rsyslog server on port 514 (syslog). Specify which protocol to use.

  • UDP (default)
  • TCP
text:  udp

Launch the Server

  1. Launch the logging rsyslog server.

Create DNS Record (optional)

It's recommended that you set up a DNS record (e.g. syslog.example.com) that points to the rsyslog server's public IP address.

Connect Client Servers

Once the rsyslog server is operational, you can start connecting servers that will become clients of the logging server.

  1. Specify the following inputs for the client servers.
  • For inactive servers, set these inputs at the deployment level for inheritance purposes so that all servers in a deployment will connect to the logging server at boot time.
  • For active (operational) servers, you must set these inputs at the server level and then run the logging::default boot script to establish the connection with the logging server.


LOGGING

Input Name Description Example Value
SSL Certificate Specify the SSL Certificate to enable authentication with stunnel. Create a credential that contains both the SSL certificate and key. The same credential should be used by both the syslog server and its clients. cred: LOGGING_SSL_CRED
Logging Protocol

The IP protocol used to send logging messages from clients to the logging server. Clients will send their log data to the rsyslog server on port 514 (syslog). Specify which protocol to use.

  • UDP (default)
  • TCP
text:  udp
Remote Server

Specify the FQDN or IP address that the client servers will use to send their logging data. The FQDN or IP address should resolve to the logging server or service.

Important! Make sure the logging server/service is configured to accept requests from the client servers.

text:  syslog.example.com

text: 192.168.0.1

View the Logs

  1. SSH into the rsyslog server.
  2. Switch to the 'root' user.

Note: When issuing the 'sudo' command, you may need the 'server_superuser' permission granted to your Rightscale user (Settings > Account settings > Users). Otherwise, the sudo command may not grant you access to the root user depending on the image being used:

# sudo -i
  1. View the log files. If the logging server is servicing multiple clients, use the client's private IP address (if known, otherwise the public IP will be displayed) to identify the server to which the audit entry applies:
# tail -f /var/log/messages
...
Feb 13 17:39:26 ip-10-245-20-219 RightLink[1340]: 17:39:26:   Updating iptables rule for IP Address: 10.253.39.203
Feb 13 17:39:26 ip-10-245-20-219 RightLink[1340]: 17:39:26: ruby_block[Adding firewall rule] called
Feb 13 17:39:26 ip-10-245-20-219 RightLink[1340]: 17:39:26: Chef Run complete in 3.178113 seconds
Feb 13 17:39:26 ip-10-245-20-219 RightLink[23782]: [cook] Disconnecting from agent (4 responses pending)
Feb 13 17:39:26 ip-10-245-20-219 RightLink[1340]: SEND b1 [push v20] (394 bytes) <> <1bd563311b78c96f4cbf2bb1ef942d8d> /updater/update_inputs, persistent
Feb 13 17:39:26 ip-10-245-20-219 RightLink[23782]: [cook] Process stopping
Feb 13 17:39:28 ip-10-245-27-18 RightLink[2385]: Converging
Feb 13 17:39:28 ip-10-245-27-18 RightLink[2385]: 17:39:28: *** Chef 0.10.10.2 ***
Feb 13 17:39:29 ip-10-245-27-18 RightLink[18907]: Opening new HTTP connection to 169.254.169.254:80

Save the Log Files

Currently the ServerTemplate does not contain a script that will allow you to create a backup of the log files. The ServerTemplate is intended for development and testing purposes only. If you need to preserve audit log files for servers in your deployments, you should consider using third party logging services and applications such as Loggly or Splunk.

You must to post a comment.
Last modified
13:38, 11 Sep 2013

Tags

Classifications

This page has no classifications.

Announcements

None


© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.