Final Call ... XenServer Boot Media
-
I also took a look at the /var/log directory. There is a ton of stuff in there. It appears that XS7 is now archiving previous day logs. If that is the case, it might be OK on USB because it would always be writing to new areas, no?
-rw------- 1 root root 11128337 Sep 6 11:00 xensource.log -rw------- 1 root root 1439756 Sep 6 11:00 audit.log -rw------- 1 root root 835573 Sep 6 11:00 SMlog -rw------- 1 root root 7792 Sep 6 11:00 cron -rw------- 1 root root 73125 Sep 6 11:00 daemon.log -rw------- 1 root root 28967 Sep 6 10:56 xcp-rrdd-plugins.log -rw------- 1 root root 4999 Sep 6 10:53 secure -rw-r--r-- 1 root root 38273316 Sep 6 10:36 lastlog -rw-rw-r-- 1 root utmp 38016 Sep 6 10:36 wtmp drwxr-xr-x 2 root root 4096 Sep 6 04:02 xen -rw------- 1 root root 0 Sep 6 04:02 xenstored-access.log -rw-r--r-- 1 root root 0 Sep 6 04:02 boot.log -rw-r--r-- 1 root root 0 Sep 6 04:02 interface-rename.log -rw------- 1 root root 0 Sep 6 04:02 kern.log -rw------- 1 root root 0 Sep 6 04:02 maillog -rw------- 1 root root 0 Sep 6 04:02 messages -rw------- 1 root root 0 Sep 6 04:02 spooler -rw------- 1 root root 0 Sep 6 04:02 user.log -rw------- 1 root root 28610 Sep 6 04:02 cron.1 -rw------- 1 root root 244847 Sep 6 04:02 daemon.log.1 -rw------- 1 root root 186 Sep 6 04:02 user.log.1 -rw------- 1 root root 4951616 Sep 6 04:01 audit.log.1 -rw------- 1 root root 2876101 Sep 6 04:01 SMlog.1 -rw------- 1 root root 100512 Sep 6 04:00 xcp-rrdd-plugins.log.1 -rw------- 1 root root 25827200 Sep 6 00:39 xensource.log.1 drwxr-xr-x 2 root root 4096 Sep 6 00:00 sa -rw-r--r-- 1 root root 0 Sep 5 04:02 boot.log.1 -rw------- 1 root root 0 Sep 5 04:02 kern.log.1 -rw------- 1 root root 0 Sep 5 04:02 maillog.1 -rw------- 1 root root 0 Sep 5 04:02 messages.1 -rw------- 1 root root 0 Sep 5 04:02 secure.1 -rw------- 1 root root 0 Sep 5 04:02 spooler.1 -rw------- 1 root root 0 Sep 5 04:02 xenstored-access.log.1 -rw------- 1 root root 2440 Sep 5 04:02 cron.2.gz -rw------- 1 root root 8110 Sep 5 04:02 daemon.log.2.gz -rw-r--r-- 1 root root 0 Sep 5 04:02 interface-rename.log.1 -rw------- 1 root root 132 Sep 5 04:02 user.log.2.gz -rw------- 1 root root 409473 Sep 5 04:01 audit.log.2.gz -rw------- 1 root root 323003 Sep 5 04:01 SMlog.2.gz -rw------- 1 root root 2189 Sep 5 04:00 xcp-rrdd-plugins.log.2.gz -rw------- 1 root root 2112543 Sep 5 00:39 xensource.log.2.gz -rw-r--r-- 1 root root 20 Sep 4 04:02 boot.log.2.gz -rw------- 1 root root 20 Sep 4 04:02 kern.log.2.gz -rw------- 1 root root 20 Sep 4 04:02 xenstored-access.log.2.gz -rw------- 1 root root 2417 Sep 4 04:02 cron.3.gz -rw------- 1 root root 7605 Sep 4 04:02 daemon.log.3.gz -rw-r--r-- 1 root root 20 Sep 4 04:02 interface-rename.log.2.gz -rw------- 1 root root 20 Sep 4 04:02 maillog.2.gz -rw------- 1 root root 20 Sep 4 04:02 messages.2.gz -rw------- 1 root root 20 Sep 4 04:02 secure.2.gz -rw------- 1 root root 20 Sep 4 04:02 spooler.2.gz -rw------- 1 root root 135 Sep 4 04:02 user.log.3.gz -rw------- 1 root root 409148 Sep 4 04:01 audit.log.3.gz -rw------- 1 root root 323042 Sep 4 04:01 SMlog.3.gz -rw------- 1 root root 2192 Sep 4 04:00 xcp-rrdd-plugins.log.3.gz -rw------- 1 root root 2112497 Sep 4 00:39 xensource.log.3.gz -rw------- 1 root root 20 Sep 3 04:02 xenstored-access.log.3.gz -rw-r--r-- 1 root root 20 Sep 3 04:02 boot.log.3.gz -rw-r--r-- 1 root root 20 Sep 3 04:02 interface-rename.log.3.gz -rw------- 1 root root 20 Sep 3 04:02 kern.log.3.gz -rw------- 1 root root 20 Sep 3 04:02 maillog.3.gz -rw------- 1 root root 20 Sep 3 04:02 messages.3.gz -rw------- 1 root root 20 Sep 3 04:02 secure.3.gz -rw------- 1 root root 20 Sep 3 04:02 spooler.3.gz -rw------- 1 root root 2386 Sep 3 04:02 cron.4.gz -rw------- 1 root root 7599 Sep 3 04:02 daemon.log.4.gz -rw------- 1 root root 132 Sep 3 04:02 user.log.4.gz -rw------- 1 root root 409287 Sep 3 04:01 audit.log.4.gz -rw------- 1 root root 323073 Sep 3 04:01 SMlog.4.gz -rw------- 1 root root 2195 Sep 3 03:59 xcp-rrdd-plugins.log.4.gz -rw------- 1 root root 2113429 Sep 3 00:39 xensource.log.4.gz -rw------- 1 root root 509 Sep 2 13:40 secure.4.gz -rw-r--r-- 1 root root 20 Sep 2 04:02 boot.log.4.gz -rw------- 1 root root 20 Sep 2 04:02 kern.log.4.gz -rw------- 1 root root 20 Sep 2 04:02 maillog.4.gz -rw------- 1 root root 20 Sep 2 04:02 messages.4.gz -rw------- 1 root root 20 Sep 2 04:02 spooler.4.gz -rw------- 1 root root 20 Sep 2 04:02 xenstored-access.log.4.gz -rw------- 1 root root 2415 Sep 2 04:02 cron.5.gz -rw------- 1 root root 7695 Sep 2 04:02 daemon.log.5.gz -rw-r--r-- 1 root root 20 Sep 2 04:02 interface-rename.log.4.gz -rw------- 1 root root 132 Sep 2 04:02 user.log.5.gz -rw------- 1 root root 409466 Sep 2 04:01 audit.log.5.gz -rw------- 1 root root 323045 Sep 2 04:01 SMlog.5.gz -rw------- 1 root root 2184 Sep 2 03:59 xcp-rrdd-plugins.log.5.gz -rw------- 1 root root 2113136 Sep 2 00:39 xensource.log.5.gz -rw------- 1 root root 684 Sep 1 15:18 secure.5.gz -rw------- 1 root root 128 Sep 1 15:18 kern.log.5.gz -rw------- 1 root utmp 384 Sep 1 11:27 btmp -rw------- 1 root root 20 Sep 1 04:02 xenstored-access.log.5.gz -rw-r--r-- 1 root root 20 Sep 1 04:02 boot.log.5.gz -rw-r--r-- 1 root root 20 Sep 1 04:02 interface-rename.log.5.gz -rw------- 1 root root 20 Sep 1 04:02 maillog.5.gz -rw------- 1 root root 20 Sep 1 04:02 messages.5.gz -rw------- 1 root root 20 Sep 1 04:02 spooler.5.gz -rw------- 1 root root 2406 Sep 1 04:02 cron.6.gz -rw------- 1 root root 8042 Sep 1 04:02 daemon.log.6.gz -rw------- 1 root root 132 Sep 1 04:02 user.log.6.gz -rw------- 1 root root 409421 Sep 1 04:01 audit.log.6.gz -rw------- 1 root root 323078 Sep 1 04:01 SMlog.6.gz -rw------- 1 root root 2208 Sep 1 03:58 xcp-rrdd-plugins.log.6.gz -rw------- 1 root root 2113430 Sep 1 00:39 xensource.log.6.gz
-
Yeah, until you run out of space. Space is the bigger issue than running out of read/write ares on the flash.
-
@BRRABill said in Final Call ... XenServer Boot Media:
In 6.5, the configuration was located in /var/lib/syslong.conf, as stated in that article.
Actually the article said that it was NOT this for 6.5. The article never looked past 6.2 and didn't know where it had moved to.
-
@BRRABill said in Final Call ... XenServer Boot Media:
So seeing this, what would you think the next logical step would be to accomplish what I want.
And by association, what anyone running XS off USB would want?
Well, the current file (before you add the remote) tells all of those things to log to the local files. Then you add a line that tells it to, after writing to individual local files, also send copies to the remote syslog server.
So if you don't want it to write locally, you comment out each of the lines that tell it what to write locally. It should be that simple. Adding the remote tells it to send the logs, but in no ways tells it NOT to change the local writing. Just comment out the local writing.
-
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The
*.*
(at the very end) what purpose does that server?That last thing is some kind of catchall.
-
@DustinB3403 said in Final Call ... XenServer Boot Media:
The
*.*
(at the very end) what purpose does that server?I would guess that this line is what is controlling the local logging. I would remove or comment it out to test this theory.
-
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
So seeing this, what would you think the next logical step would be to accomplish what I want.
And by association, what anyone running XS off USB would want?
Well, the current file (before you add the remote) tells all of those things to log to the local files. Then you add a line that tells it to, after writing to individual local files, also send copies to the remote syslog server.
So if you don't want it to write locally, you comment out each of the lines that tell it what to write locally. It should be that simple. Adding the remote tells it to send the logs, but in no ways tells it NOT to change the local writing. Just comment out the local writing.
Right, and that is what gets overwritten.
Let me try it and see what happens.
I'll report right back.
-
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that server?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
-
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that server?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.
-
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
So seeing this, what would you think the next logical step would be to accomplish what I want.
And by association, what anyone running XS off USB would want?
Well, the current file (before you add the remote) tells all of those things to log to the local files. Then you add a line that tells it to, after writing to individual local files, also send copies to the remote syslog server.
So if you don't want it to write locally, you comment out each of the lines that tell it what to write locally. It should be that simple. Adding the remote tells it to send the logs, but in no ways tells it NOT to change the local writing. Just comment out the local writing.
Right, and that is what gets overwritten.
Let me try it and see what happens.
I'll report right back.
Wow, it kept the settings. That is promising!
-
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
So seeing this, what would you think the next logical step would be to accomplish what I want.
And by association, what anyone running XS off USB would want?
Well, the current file (before you add the remote) tells all of those things to log to the local files. Then you add a line that tells it to, after writing to individual local files, also send copies to the remote syslog server.
So if you don't want it to write locally, you comment out each of the lines that tell it what to write locally. It should be that simple. Adding the remote tells it to send the logs, but in no ways tells it NOT to change the local writing. Just comment out the local writing.
Right, and that is what gets overwritten.
Let me try it and see what happens.
I'll report right back.
Wow, it kept the settings. That is promising!
So show us your log config file. Was this on XS6.5 or XS7?
-
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
So seeing this, what would you think the next logical step would be to accomplish what I want.
And by association, what anyone running XS off USB would want?
Well, the current file (before you add the remote) tells all of those things to log to the local files. Then you add a line that tells it to, after writing to individual local files, also send copies to the remote syslog server.
So if you don't want it to write locally, you comment out each of the lines that tell it what to write locally. It should be that simple. Adding the remote tells it to send the logs, but in no ways tells it NOT to change the local writing. Just comment out the local writing.
Right, and that is what gets overwritten.
Let me try it and see what happens.
I'll report right back.
Wow, it kept the settings. That is promising!
So show us your log config file. Was this on XS6.5 or XS7?
On XS7.
I'm keeping an eye on /var/log to see if anything writes there first.
-
Most of the files seem to have stopped.
It's these files I am watching...
-rw-r--r-- 1 root root 38273316 Sep 6 11:25 lastlog -rw-rw-r-- 1 root utmp 43776 Sep 6 11:25 wtmp -rw------- 1 root utmp 768 Sep 6 11:21 btmp drwxr-xr-x 2 root root 4096 Sep 6 11:20 blktap -rw-r--r-- 1 root root 792 Sep 6 11:16 ovs-xapi-sync.log -rw-r--r-- 1 root root 2628 Sep 6 11:15 ovs-ctl.log -rw-r--r-- 1 root root 1784 Sep 6 11:14 restoreeswitchcfg.log -rw-r--r-- 1 root root 348 Sep 6 11:14 interface-rename.log -rw-r--r-- 1 root root 128 Sep 6 11:14 xenstored.log -rw-r--r-- 1 root root 11212 Sep 6 11:14 boot.log
-
@BRRABill updates....updates....
-
awesome.. where are you sending the logs? to an ELK or Greylog server?
-
@Dashrender said in Final Call ... XenServer Boot Media:
awesome.. where are you sending the logs? to an ELK or Greylog server?
Graylog.
However, my Graylog server that was working two weeks ago is now longer no longer working.
So, trying to remedy that.
-
Looking good still..
Tue Sep 6 12:01:23 EDT 2016 [root@xenserver-test-reinstall log]# ls -l -t total 113832 -rw-r--r-- 1 root root 38273316 Sep 6 11:25 lastlog -rw-rw-r-- 1 root utmp 43776 Sep 6 11:25 wtmp -rw------- 1 root utmp 768 Sep 6 11:21 btmp drwxr-xr-x 2 root root 4096 Sep 6 11:20 blktap -rw-r--r-- 1 root root 792 Sep 6 11:16 ovs-xapi-sync.log -rw-r--r-- 1 root root 2628 Sep 6 11:15 ovs-ctl.log -rw-r--r-- 1 root root 1784 Sep 6 11:14 restoreeswitchcfg.log -rw-r--r-- 1 root root 348 Sep 6 11:14 interface-rename.log -rw-r--r-- 1 root root 128 Sep 6 11:14 xenstored.log -rw-r--r-- 1 root root 11212 Sep 6 11:14 boot.log
-
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
-
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
-
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
What, why did it stop?