Installation and Use of App Volumes Log Collection (2148180)
Currently, no method exists to collect Agent and Manager logs to a central location.
With the log collector, every agent and manager will periodically push their log files to a fileshare.
To start collecting logs, every Agent and Manager calls a bat file located at one of the following paths, depending on whether the system is 32-bit or 64-bit:
- C:\Program Files (x86)\CloudVolumes\DctLogCollector\support.bat (32-bit)
- C:\Program Files\CloudVolumes\DctLogCollector\support.bat (64-bit)
The Agent and Manager are configured to periodically push the log files to a fileshare. If you need to collect logs manually, running the .bat file on its own also pushes the log files to the fileshare.
Configuration of the Log Fileshare
- To create a Log Fileshare, go to http://localhost/log_fileshares/new and input these fields:
  - Log Fileshare Host name: The host and folder name for your Log Fileshare. For example, //10.33.99.231/uem/logs (ensure that your path ends with a logs folder).
  - Log Fileshare Username: Username of the Log Fileshare.
  - Log Fileshare Password: Password of the Log Fileshare.
  - Log Fileshare Domain: Domain of the Log Fileshare.
  - Log Fileshare Agent Time: The agent periodically pushes log files to the fileshare. This parameter sets the delay between pushes, in minutes.
  - Is active: Use to activate and deactivate the collection of Log Fileshares. By default, Log Fileshare collection is activated.
- To edit a Log Fileshare, go to http://localhost/log_fileshares/edit.
- To view and delete current Log Fileshare, go to http://localhost/log_fileshares.
Note: Currently, every setup can have only one Log Fileshare.
Agent log collection
After the Agent gets these details, the Agent will run the log collector periodically based on the time configured.
Manager log collection
The Manager runs a Ruby job called collect_logs, which periodically calls the support.bat file with the required parameters.
Switching off log collection
To deactivate log collection, uncheck the Is active checkbox in the Log Fileshare configuration page.
Running batch scripts on Agents and Managers
In Windows, no setup is required. The bat script is shipped with the Agent and Manager images. To collect Agent logs, ensure HTTPS is enabled; otherwise, this feature will be turned off in the Agent.
Note: The bat script needs administrator privileges to run.
The bat script can be run from C:\Program Files (x86)\CloudVolumes\DctLogCollector\support.bat.
Parameters for support.bat
- -destination: Destination of the log files on the machine
- -fhhost: Location of the folder on the hostname of the fileshare. For example, \\xx.xx.xx.xx\logs (ensure that the folder named logs exists)
- -fhuname: Username of the fileshare owner
- -fhdomain: Domain under which the fileshare is located
- -fhpwd: Password of the username for the fileshare owner
Example of running the script:
support.bat -destination C:\Logs -fhhost \\10.33.99.231\uem\logs -fhdomain domain -fhuname username -fhpwd password
After log collection
After collecting logs to a central fileshare, these steps are carried out:
- Fluentd parses and filters these log files and routes them to Elasticsearch for real-time data analysis and to Amazon S3 for archiving.
- Elasticsearch indexes real-time data, and Kibana is used to reveal insight from this data.
- The rule-based engine is a key-value pair engine. The key is the pattern to match, and the value is the action to take. The action can be a command line script, a Python script, an email or a Slack message.
- https://github.com/Yelp/elastalert - The rule engine being used for the rule-based engine.
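The key-value rule model described above, as an added example that is not part of the original article and does not use ElastAlert's own rule format: each key is a regular expression and each value is an action template. The rule patterns, the script name and the log lines are constructed for illustration; actions are returned as records so the example runs offline, and command actions are kept as an argument list so that text taken from a log line is never interpolated into a shell string.

```python
import re

# Key = pattern to match, value = action to take.
# Patterns, the script name and the log format are assumptions for this example.
RULES = {
    r"Login failed for user '(?P<user>[^']*)' from (?P<ip>\S+)":
        ("command", ["notify_failed_login.cmd", "{user}", "{ip}"]),
    r"Failed to attach volume (?P<volume>\S+)":
        ("slack", "Attach failure for {volume}"),
    r"Unable to reach log fileshare (?P<share>\S+)":
        ("email", "Log fileshare {share} unreachable"),
}
COMPILED = [(re.compile(pattern), action) for pattern, action in RULES.items()]


def render(action, fields):
    """Fill an action template with the fields captured from a log line.

    Command actions stay an argv list: each log-derived value becomes exactly
    one argument and is never pasted into a shell command string.
    """
    kind, template = action
    if kind == "command":
        return kind, [part.format(**fields) for part in template]
    return kind, template.format(**fields)


def evaluate(lines):
    """Return the action records for every line that matches a rule (first match wins)."""
    dispatched = []
    for line in lines:
        for pattern, action in COMPILED:
            match = pattern.search(line)
            if match:
                dispatched.append(render(action, match.groupdict()))
                break
    return dispatched


# Constructed sample lines, not real App Volumes log output.
SAMPLE_LOG = [
    "2017-01-10 09:14:02 INFO  Agent started",
    "2017-01-10 09:15:40 WARN  Login failed for user 'svc backup; x' from 192.0.2.7",
    "2017-01-10 09:16:11 ERROR Failed to attach volume appstack-42",
    "2017-01-10 09:17:30 ERROR Unable to reach log fileshare \\\\fileserver\\uem\\logs",
]

if __name__ == "__main__":
    for record in evaluate(SAMPLE_LOG):
        print(record)
```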