PowerFlex: Send messages to rsyslog
Summary: This KB describes how to configure and use rsyslog with ScaleIO, with emphasis on splitting the various syslog severity levels into separate log files. The commands, file paths, and examples below were taken from a Red Hat-based system (RHEL/CentOS) and may differ if a different Linux distribution is used as the rsyslog receiver. ...
Symptoms
Pre-requisites:
- An installed ScaleIO system
- The "rsyslog" package installed on the server that is meant to receive the syslog messages.
Resolution
ScaleIO Configuration:
- Enable rsyslog message posting in ScaleIO:
scli --start_remote_syslog --remote_syslog_server_ip <IP> --remote_syslog_server_port <PORT_NUMBER> --syslog_facility <FACILITY_NUMBER>
- Confirm that the configuration is correct by querying the rsyslog settings:
scli --query_remote_syslog
Note: this is only done on the primary MDM. The values copy over to the new primary MDM when a failover occurs.
Rsyslog host Configuration:
- Verify that the rsyslog package is installed:
rpm -qa rsyslog
- Verify that rsyslog is up and running:
ps -ef | grep -i rsyslog | grep -v grep
- Configure the /etc/rsyslog.conf file according to the following examples:
local6.info;local6.debug;local6.warn /var/log/syslog.log
local6.err /var/log/syslog.err
local6.crit /var/log/syslog.crit
In the example above, the facility code #22 was used, which is represented by "local6" in the rsyslog.conf file.
The syntax is as follows: "FACILITY.SEVERITY /path/to/log/file"
In order to log ONLY the messages of "Error" severity, use: "local6.err /var/log/syslog.err"
In order to send multiple severity levels into a single file: "local6.info;local6.debug;local6.warn /var/log/syslog.log".
Review Appendix A for the full list of the facility codes and their representations. We would use anything between 16 and 23 as our "custom" facility for ScaleIO logging.
- Once done editing the /etc/rsyslog.conf file, restart the rsyslog service:
systemctl restart rsyslog (RHEL/CentOS 7.x)
service rsyslog restart (RHEL/CentOS 6.x)
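The selector lines above can be checked offline before the service is restarted. The following Python model is an added example, not part of the original KB or of rsyslog itself; it follows rsyslog's documented selector behaviour, where a plain "facility.severity" selector matches that severity and every more severe one, while "facility.=severity" matches exactly one level. EXACT_RULES and the sample PRI values are constructed for illustration.

```python
# Added example: offline model of rsyslog facility.severity selectors.
# Covers plain and "=" selectors only (no "!", "none" or "*").
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = {f"local{i}": 16 + i for i in range(8)}  # Appendix A: codes 16-23

def decode_pri(pri):
    """Split a syslog <PRI> value into (facility, severity): PRI = facility*8 + severity."""
    return divmod(pri, 8)

def selector_matches(selector, facility, severity):
    """True if one 'facility.severity' selector matches the message."""
    fac_name, _, sev = selector.partition(".")
    if FACILITIES[fac_name] != facility:
        return False
    exact = sev.startswith("=")
    sev = sev.lstrip("=")
    level = SEVERITIES.index(ALIASES.get(sev, sev))
    # Lower number = more severe; a plain selector matches its level and above.
    return severity == level if exact else severity <= level

def route(rules, pri):
    """Return every log file whose selector list matches the message."""
    facility, severity = decode_pri(pri)
    return [path for selectors, path in rules
            if any(selector_matches(s, facility, severity) for s in selectors.split(";"))]

# Rules as written in the article.
PAGE_RULES = [
    ("local6.info;local6.debug;local6.warn", "/var/log/syslog.log"),
    ("local6.err", "/var/log/syslog.err"),
    ("local6.crit", "/var/log/syslog.crit"),
]
# Assumption: the same rules with "=" so each selector matches one severity only.
EXACT_RULES = [
    ("local6.=info;local6.=debug;local6.=warn", "/var/log/syslog.log"),
    ("local6.=err", "/var/log/syslog.err"),
    ("local6.=crit", "/var/log/syslog.crit"),
]

if __name__ == "__main__":
    # Constructed PRI values for facility 22 (local6): crit, err, notice, info.
    for pri in (178, 179, 181, 182):
        print(pri, decode_pri(pri), route(PAGE_RULES, pri), route(EXACT_RULES, pri))
```

In this model a "crit" message lands in all three files under the article's rules, and under the "=" variant a "notice" message matches no rule, so any severity that must be retained needs its own selector.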
Appendix A:
This appendix includes the URL to the full Syslog protocol RFC and a listing of facility code numbers and their "localX" representations to be used in the /etc/rsyslog.conf file.
http://tools.ietf.org/html/rfc5424
0 kernel messages
1 user-level messages
2 mail system
3 system daemons
4 security/authorization messages
5 messages generated internally by syslogd
6 line printer subsystem
7 network news subsystem
8 UUCP subsystem
9 clock daemon
10 security/authorization messages
11 FTP daemon
12 NTP subsystem
13 log audit
14 log alert
15 clock daemon (note 2)
16 local use 0 (local0)
17 local use 1 (local1)
18 local use 2 (local2)
19 local use 3 (local3)
20 local use 4 (local4)
21 local use 5 (local5)
22 local use 6 (local6)
23 local use 7 (local7)