Logging with PowerVS
Use the IBM® Log Analysis service to monitor and manage logs from a PowerVS instance running RHEL in a centralized logging system on the IBM Cloud.
As of 28 March 2024 the IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs, which replaces these two services, prior to 30 March 2025. For information about IBM Cloud Logs, see the IBM Cloud Logs documentation.
You can collect and monitor system and application logs.
You can send logs to an IBM Log Analysis instance via Rsyslog.
- TCP, UDP, and TCP+TLS are supported.
- Use port 6514 when using TCP+TLS.
- Use port 514 when using TCP or UDP.
- Use a custom port if you cannot modify the message template for rsyslog with the logging instance information.

  To configure syslog, you may need to enable a port to send logs via syslog to your logging instance. If you are using (a) the classic syslog protocol, (b) a custom port in syslog-ng, or (c) a custom port in rsyslog, there is no authentication available and anyone with knowledge of the endpoint can submit logs to your instance. As a result, depending on your environment, your use of the classic syslog protocol or custom port configurations with syslog-ng or rsyslog may present a significant security risk. Use these configurations at your organization's own risk. Validate with your compliance and security teams whether this security risk is acceptable to your organization.

  To disable a custom port, you can open an IBM support ticket. For information about opening an IBM support ticket, or about support levels and ticket severities, see Creating support cases.
- The rsyslog default format, RFC 5424 and RFC 3164 are automatically parsed.
The rsyslog service must be installed on the PowerVS instance that you want to monitor. Rsyslog defaults to using TCP on port 514.
On the IBM Cloud, configure a PowerVS instance to forward logs to a Log Analysis instance by completing the following steps:
Prerequisites
- Use a user ID that is a member or an owner of an IBM Cloud account. To get an IBM Cloud user ID, go to: Registration.
Log Analysis
- Your IBMID must have assigned IAM policies for each of the following resources. For example, to work in the US-south region and in the default resource group, you need the following permissions:
Resource | Scope of the access policy | Role | Region | Information |
---|---|---|---|---|
Resource group Default | Resource group | Viewer | us-south | This policy is required to allow the user to see service instances in the Default resource group. |
IBM Log Analysis service | Resource group | Editor | us-south | This policy is required to allow the user to provision and administer the IBM Log Analysis service in the Default resource group. |
Provision a service instance of Log Analysis through the IBM Cloud console. For more information, see Provisioning an instance.
Power VS
- Learn more about Using RHEL within the Power Systems Virtual Server service.
- Provision a PowerVS instance that is connected to the public network and is registered with subscription manager. Learn more.
- Enable syslog for your RHEL instance:

    subscription-manager repos --enable rhel-8-for-ppc64le-supplementary-rpms
Get the Log Analysis instance ingestion data
To configure rsyslog, you need the following data:
- The ingestion key of the Log Analysis instance. See Working with ingestion keys.
- The region where the Log Analysis instance is provisioned.
Configure rsyslog in your PowerVS instance
Complete the following steps to configure rsyslog on Red Hat Enterprise Linux:
- Log in as root.
- Modify the file /etc/rsyslog.conf. For example, you can use the vi editor to modify the file.

  Uncomment the following lines:

    #module(load="imudp")
    #input(type="imudp" port="514")
    #module(load="imtcp")
    #input(type="imtcp" port="514")

  Add the following lines at the end of the file:

    #Save Deep Security Manager (DSM) logs to DSM.log
    Local4.* /var/log/DSM.log

  Replace Local4 with the value in your Manager settings. Save the file and exit.
- Create the /var/log/DSM.log file and set the permissions so that syslog can write data into the file. Run the following commands:

    touch /var/log/DSM.log
    chmod 777 /var/log/DSM.log
- Restart rsyslog. Run the following command:

    systemctl restart rsyslog
- Verify which ports rsyslog is listening on:

    netstat -tnlp | grep rsyslog
- Enter the following command as root to start rsyslog automatically:

    chkconfig rsyslog on
Configure Rsyslog to send logs to Log Analysis via TCP
Complete the following steps to configure Rsyslog to send logs to Log Analysis via TCP:
- Add the following entries to /etc/rsyslog.d/22-logdna.conf.

    $template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"INGESTION-KEY\" tags=\"tag1,tag2\"] %msg%"
    *.* @@syslog-a.<REGION>.logging.cloud.ibm.com:514;LogDNAFormat

  Where

  INGESTION-KEY is the logging instance ingestion key. For more information, see Working with ingestion keys.

  REGION must be set to the location where the logging instance is available. For more information about syslog endpoints, see Syslog endpoints.
- Restart rsyslog.

    systemctl restart rsyslog
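The forwarding entry above carries the ingestion key over plain TCP to port 514, while this page lists port 6514 for TCP+TLS. The script below is an added example, not part of IBM's documentation: it audits a forwarding file and the /var/log/DSM.log permissions set earlier, using constructed sample files. The function names, the TLS directive values (CA bundle path, permitted-peer pattern) and the use of the same host name on port 6514 are assumptions.

```shell
#!/bin/sh
# Added example: audit rsyslog forwarding written in legacy "$..." directives.
# Each function prints one finding per line and nothing when the file passes.
audit_forwarding() {
    # The forwarding file embeds the ingestion key: flag world-readable modes.
    [ -z "$(find "$1" -perm -004)" ] || echo "PERM $1 is world-readable and holds the key"
    awk '
        /^[ \t]*#/ { next }                                   # skip comment lines
        $1 == "$ActionSendStreamDriver"     && $2 == "gtls" { drv = 1 }
        $1 == "$ActionSendStreamDriverMode" && $2 == "1"    { mode = 1 }
        $2 ~ /^@/ {                                           # selector @target
            target = $2; sub(/;.*$/, "", target)              # drop ";Template"
            port = target; sub(/^.*:/, "", port)
            if (target !~ /^@@/)     print "UDP " target " is cleartext"
            else if (!(drv && mode)) print "CLEARTEXT " target " sends the key without TLS"
            else if (port != "6514") print "PORT " target " is not the TCP+TLS port 6514"
        }' "$1"
}
# A local log file only needs to be writable by the account rsyslogd runs as.
audit_logfile() {
    [ -z "$(find "$1" -perm -002)" ] || echo "PERM $1 is world-writable"
}

# Constructed samples: placeholder key and region, throwaway directory.
demo=$(mktemp -d)
cat > "$demo/tcp.conf" <<'EOF'
$template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"INGESTION-KEY\"] %msg%"
*.* @@syslog-a.<REGION>.logging.cloud.ibm.com:514;LogDNAFormat
EOF
chmod 644 "$demo/tcp.conf"
# TLS variant. Assumptions: rsyslog-gnutls is installed, the RHEL CA bundle path,
# the peer-name pattern, and that the same host name serves port 6514.
cat > "$demo/tls.conf" <<'EOF'
$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/ca-bundle.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.logging.cloud.ibm.com
$template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"INGESTION-KEY\"] %msg%"
*.* @@syslog-a.<REGION>.logging.cloud.ibm.com:6514;LogDNAFormat
EOF
chmod 600 "$demo/tls.conf"
touch "$demo/DSM.log" && chmod 777 "$demo/DSM.log"

audit_forwarding "$demo/tcp.conf"
audit_forwarding "$demo/tls.conf"
audit_logfile "$demo/DSM.log"
```

The plain-TCP sample yields a PERM and a CLEARTEXT finding, the TLS sample yields none, and the 777 log file yields a PERM finding.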
Next steps
From the logging Web UI, you can view your logs as they pass through the system. You view logs by using log tailing. For more information, see Viewing logs.
With the Free service plan, you can only tail your latest logs.
Try out the following additional features:
To use any of these features, you must upgrade the IBM Log Analysis plan to a paid plan.