Sébastien Han

Stacker! Cepher! What's next?

Openstack and rsyslog

I don’t want to see my logs poluted by INFO messages saying “hey, I’m running!”. No thanks, it burns my I/O cycles for nothing. If it doesn’t work I have a monitoring system for that and if it’s broken I simply change the log level to DEBUG. Of course it’s personal thoughts, however for those you who are interested just click ;-).

I. OpenStack logs

I.1. Nova

Nova flags that changes Nova log behavior:


And then restart target services.

R Note: you can also use /etc/nova/logging.conf to precisely control the logging module. To enable it, you need to add the following flag to your nova.conf.


One section that you might want to play with is:

level = INFO
handlers = stderr
qualname = nova

Try put something like WARNING instead of INFO.

I.2. Keystone

See the keystone.conf file:

verbose = False
debug = False
use_syslog = True
syslog_log_facility = LOG_LOCAL0

I.3. Glance

See the glance-api.conf file:

verbose = False
debug = False
use_syslog = True
syslog_log_facility = LOG_LOCAL0

See the glance-registry file:

verbose = False
debug = False
use_syslog = True
syslog_log_facility = LOG_LOCAL0

I.4. Cinder

See the cinder.conf file:

verbose = False
debug = False
use_syslog = True
syslog_log_facility = LOG_LOCAL0

W Important: I advise you to configure one local facility per daemon, this provides better isolation and more flexibility. You migh want log certain facility at different level.

II. Rsyslog setup

Nowadays, Rsyslog comes by default in most of the distributions, so there is no need to install it.

II.1. Centralized log server

Centralized server minimal configuration:

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 1024

Create a filter rule on the master server which looks for an hostname called compute-01:

:hostname, isequal, "compute-01" /mnt/rsyslog/logs/compute-01.log

This was just an example if you want to segment log entries in compute nodes, one file per compute based on the hostname.

II.2. Client

Slave configuration, machine that sends out messages. Create a file /etc/rsyslog.d/60-nova.conf and append the following content:

# prevent debug from dnsmasq with the daemon.none parameter
*.*;auth,authpriv.none,daemon.none              -/var/log/syslog

Note that you can also log specific facility and level to a file:

local0.*                    -/var/log/nova-all.log

I am not a big fan of this solution because basically logs are written twice, in syslog and in the file you specified… If anybody knows how to redirect directly the message to a file without writting to syslog ;-).

Send messages to the central server, here I specified the facility LOCAL0 and a log level on ERROR, I don’t want to send out all the messages, it doesn’t make sense (at least for me^^):

local0.error    @@

Eventually restart your rsyslog daemon.

III. Bonus

OpenStack component flags behavior:

Flag Status Flag Log
Scenario verbose=true debug=true DEBUG, ERROR, WARNING, INFO
Scenario verbose=false debug=true DEBUG, ERROR, WARNING, INFO
Scenario verbose=true debug=false WARNING, INFO
Scenario verbose=false debug=false WARNING, ERROR

This was brief, rsyslog can be way more complicated than that, but I assume this little shot migh be enough for some of you. If you want to go further with rsyslog I expressly recommend this amazing white paper from Canonical. It found it clearer than the official documentation, at least a better structure. Enjoy your OpenStack centralized logs!