Centralizing the log is a method to redirect your log to a separate file and save it. Centralizing the log in a file is always helpful if you want to transmit it to a third-party application like Splunk or Logstash.
To check the status of the Chef Automate from deployment with channel and type, run the following command:
To view the logs, run the following command:
journalctl -u chef-automate -f
Click here to learn more about Log Management.
The Operating system has two modules that should be present in your environment:
- Log Rotate
The above modules come by default with all the operating systems we support.
Once you centralize the log, you can run the above command sparingly to check the log. The configuration to centralize the log in a file is shown below:
[global.v1.log] redirect_sys_log = true //centralize the log redirect_log_file_path = "PATH OF THE LOG FILE" //set the location of the log file. syntax: /var/tmp/
In the above specifications:
- Setting the property
redirect_sys_logto true will centralize the log in a document format.
- The default location of the log file is
/var/tmp/as shown above. You can save the log file in your desired locations and mention the location in the above
- The default value of
- If the value of
redirect_sys_logis set to true, it is necessary to mention the file’s location in the
redirect_log_file_pathproperty, or it will throw an error:
Please specify a log path location using redirect_log_file_path.
Once you have created the automate.log file, patch the above configurations to chef automate. Patching the configuration will start transmitting the
automate.log file wherever the location is specified in
sudo chef-automate config patch config.toml
The centralizing log also comes with log rotation with the following specifications:
[global.v1.log] redirect_sys_log = true ##centralize the log redirect_log_file_path = "/var/tmp/" ##set the location of the log file compress_rotated_logs = true ##compress the log file max_size_rotate_logs = "10M" ##set the max size of the file. syntax: 10M, 90k max_number_rotated_logs = 10 ##number of backup files to be stored
In the above specifications:
- To compress the logs, set the value of
compress_rotated_logsto true. The default value of
max_size_rotateproperty sets the limit after which you want to rotate the log. The default value of
max_size_rotateis 10M, i.e., the logs will rotate once the file size reaches the limit of 10Mb. You can also set the value of
max_number_rotated_logsproperty sets the number of file logs you want to save in your backup. Using this property, you can limit the number of backup files in your storage. The maximum number of log files you can store is 10 per day.
max_number_rotated_logsis 10M. If you don’t want to keep more than one log file in your storage, set the value of
To configure the centralizing log feature for OpenSearch in Chef Automate HA, run the following command:
chef-automate config patch --opensearch <file/path/to/toml>
To configure the centralizing log feature for PostgreSQL in Chef Automate HA, run the following command:
chef-automate config patch --postgresql <file/path/to/toml>
Splunk consolidates all the log data and pushes it to a central, accessible, easy-to-use interface. Here, the Splunk forwarder here will view the data outside the local environment. Assuming that you already have your Splunk forwarder installed, run the following command to start Splunk Universal forwarder:
[system@ABC]# cd splunkforwarder/bin [system@ABC]# ./splunk start --accept-license
The above command will start your spunk forwarder.
Now, edit the
inputs.conf file on your Splunk Forwarder as shown below:
[system@ABC]# ./splunk add monitor /var/tmp/automate.log
In the above command, /var/tmp/ is the location of the
automate.log, which you can change accordingly. Running the above command will show the following:
Added monitor of '/var/tmp/automate.log'
The above statement confirms that the value of the monitor in
input.conf has been updated to
var/tmp/automate.log. Open the
input.conf file just to confirm whether the content in the file is as expected. The expected content is:
[monitor:///var/tmp/automate.log] disabled = false
Restart your splunk forwarder using the following command:
[system@ABC]# ./splunk restart
The above step will let you view the
automate.log file in your splunk forwarder. Click here to know about the Splunk Forwarder.
Was this page helpful?