Logging for Satellite
Integrate Satellite and other IBM Cloud resources with IBM® Log Analysis to get a comprehensive view and tools to manage all your resources.
Logging for your Satellite location and for the IBM Cloud services that run in your location must be set up separately. For example, to collect logs for your Satellite location setup, you enable a Log Analysis instance to collect platform logs in the same region that your location is managed from. Then, to collect logs for a Red Hat OpenShift on IBM Cloud cluster that runs in your Satellite location, you create a logging agent in your cluster to automatically collect and forward pod logs to a Log Analysis instance. Note that you can use the same Log Analysis instance to collect logs for both your Satellite location and services that run in your Satellite location.
Setting up Log Analysis for Satellite location platform logs
Forward and view logs that are automatically generated for your Satellite location setup in an IBM Log Analysis instance that is enabled for platform-level logs.
Enabling platform logs
If you already have a Log Analysis instance in the same IBM Cloud region that your Satellite location is managed from, and the Log Analysis instance is configured to collect platform logs, the logs that are generated for your Satellite location are automatically forwarded to this Log Analysis instance. Otherwise, follow these steps to set up Log Analysis for your Satellite location.
- Provision an IBM Log Analysis instance in the same IBM Cloud region that your Satellite location is managed from.
- Enable the instance for platform-level log collection. Note that within one region, only one Log Analysis instance can be enabled for platform logs collection.
Viewing logs for your Satellite location
Because the IBM Log Analysis instance is enabled for platform-level log collection, logs for all Log Analysis-integrated services are shown in the Log Analysis dashboard. You can apply filters to view only logs for your Satellite location.
- In the Logging dashboard, click Open Dashboard for your Log Analysis instance.
- In the Filters toolbar, click Sources, select `satellite`, and click Apply. The logs for all your Satellite locations in the region are shown.
- To filter for a specific Satellite location, click Apps in the Filters toolbar, select the CRN for your Satellite location, and click Apply. To identify the CRN for your location, get your location ID by running `ibmcloud sat location ls`, then look for this location's ID at the end of the listed CRNs.
For more tips on identifying logs in the dashboard, review how you can search and filter logs.
Analyzing logs for your Satellite location
Use logs that are automatically generated for your Satellite location to monitor and maintain its health.
How often are logs posted?
Logs are collected for your location and posted every 60 seconds.
What kinds of logs are collected?
By default, three types of logs are automatically generated for your Satellite location: `R00XX`-level error messages, the status of whether resource deployment to the location is enabled, and the status of Satellite Link. Review the following sections for an example of each log type and descriptions of each log field.
How can I set up alerts for location error logs?
You can use the built-in Log Analysis dashboard tools to save log searches and set up alerts for certain types of logs, such as errors.
- To filter for a specific Satellite location, click Apps in the Filters toolbar, select the CRN for your Satellite location, and click Apply. To identify the CRN for your location, look for the location's ID at the end of the CRN.
- Search for a specific query that you want an alert for. For example, to be alerted for any logs that contain `R00XX`-level location error messages, search for `R00`. To be alerted for Satellite Link health check failures, search for `Failed to reach endpoint`.
- Click Unsaved view > Save as new view. Add a name and an optional category.
- In the Alert drop-down list, select View-specific alert and follow the steps for the notification channel that you selected to configure a custom alert for this log query.
- Click Save view.
Is IBM alerted for any of these logs?
The IBM Cloud Monitoring component generates certain alerts for issues with your location setup and host infrastructure. To review the alerts that IBM monitors, see IBM monitoring to resolve and report location alerts.
R00XX error logs
`R00XX` error logs report messages and more detailed information about issues with your location setup and host infrastructure. For more information about each `R00XX` error message, including troubleshooting steps, see Location error messages.
Example log
{"logSourceCRN":"crn:v1:bluemix:public:satellite:us-south:a/f601ad712b0dd981276cf3b995554afc:c1hk4ek107l5au5mq8hg::","saveServiceCopy":true,"Details":{"message":"R0025: The Satellite location has OpenShift clusters in critical health.","errorDetails":"Customer etcd cluster moved down to 1 or less available pods. Quorum broke. Manual recovery of cluster needed.","messageID":"R0025"}}
Log field | Description |
---|---|
logSourceCRN | The CRN of the Satellite location. To identify the CRN for a location, look for the location's ID at the end of the CRN. |
saveServiceCopy | Set to true so that a copy of the log record is sent to IBM for monitoring and alerts. |
Details | The detailed information for the log. |
Details.message | The current error message for the location, including any troubleshooting steps or documentation links. |
Details.errorDetails | Other details for the current error, such as specific causes or issues with certain components. These details are used by IBM site reliability engineers to manage alerts, but can help provide more details about the issue while you troubleshoot. |
Details.messageID | The error message's R00XX identifier. |
Enablement of resource deployment logs
Enablement of resource deployment logs report the current status of whether resources such as hosts, clusters, or Satellite-enabled IBM Cloud service instances can be changed or deployed in your location, and the reason for this status. For example, resource deployment might be set to false due to one or more location errors.
Example log
{"logSourceCRN":"crn:v1:bluemix:public:satellite:us-south:a/f601ad712b0dd981276cf3b995554afc:c1hk4ek107l5au5mq8hg::","saveServiceCopy":true,"message":"Enablement of resource deployment in the location is set false due to R0012: The location control plane does not have hosts in all 3 zones. Add available hosts to your location for the control plane. R0025: The Satellite location has OpenShift clusters in critical health."}
Log field | Description |
---|---|
logSourceCRN | The CRN of the Satellite location. To identify the CRN for a location, look for the location's ID at the end of the CRN. |
saveServiceCopy | Set to true so that a copy of the log record is sent to IBM for monitoring and alerts. |
message | The status of whether resource deployment is currently enabled (true or false). If set to false, the current R00XX-level error messages for the location are listed. |
Endpoint health status logs
Endpoint health status logs report the current health check status of the Satellite Link tunnel server endpoint. For more information, see Why is IBM Cloud unable to check my location's health?.
- If logs report `Successfully checked endpoint`, your Satellite Link tunnel server endpoint is reachable and healthy.
- If logs report `Failed to reach endpoint`, your Satellite Link tunnel server endpoint is unreachable.
Example log
{"logSourceCRN":"crn:v1:bluemix:public:satellite:us-east:a/6ef045fd2b43266cfe8e6388dd2ec098:c0rcidjw0s3rf9v8sms0::","saveServiceCopy":true,"message":"Endpoint health status: Failed to reach endpoint. Get \"http://c-03.us-east.link.satellite.cloud.ibm.com:32900\": read tcp 172.XX.XXX.XXX:58564-\u003e166.9.XX.XXX:32900: read: connection reset by peer. Endpoint: http://c-03.us-east.link.satellite.cloud.ibm.com:32900"}
Log field | Description |
---|---|
logSourceCRN | The CRN of the Satellite location. To identify the CRN for a location, look for the location's ID at the end of the CRN. |
saveServiceCopy | Set to true so that a copy of the log record is sent to IBM for monitoring and alerts. |
message | The status of whether your Satellite Link tunnel server endpoint is reachable, and the endpoint that was health checked. |
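The following Python sketch is an added example, not IBM's code: it sorts exported log lines into the three log types described above, pulls out the location ID and any `R00XX` identifiers, and flags the records worth alerting on. The sample records, the placeholder CRN and endpoint, and the wording checks (`set false`, the layout of the success message) are assumptions modelled on the example logs in this page.

```python
import json
import re
# R00XX identifiers such as R0012; the pattern is inferred from the page's examples.
R_CODE = re.compile(r"\bR00\d{2}\b")

def location_id(crn):
    """Location ID = last non-empty CRN segment, as in the page's example CRNs."""
    parts = [p for p in crn.split(":") if p]
    return parts[-1] if parts else ""

def classify(line):
    """Map one exported log line to a documented log type and an alert flag."""
    out = {"location": "", "type": "unparsed", "codes": [], "alert": False}
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        rec = None
    if not isinstance(rec, dict):
        return out  # not a JSON object: leave it for manual review
    out["location"], out["type"] = location_id(str(rec.get("logSourceCRN", ""))), "unknown"
    details, msg = rec.get("Details"), str(rec.get("message", ""))
    if isinstance(details, dict):  # R00XX error log: always worth an alert
        out["type"] = "location_error"
        out["codes"] = R_CODE.findall(str(details.get("messageID") or details.get("message", "")))
        out["alert"] = True
    elif msg.startswith("Enablement of resource deployment"):
        out["type"] = "deployment_enablement"
        out["codes"] = sorted(set(R_CODE.findall(msg)))
        out["alert"] = "set false" in msg  # assumed wording, from the page's example
    elif msg.startswith("Endpoint health status"):
        out["type"] = "endpoint_health"
        out["alert"] = "Failed to reach endpoint" in msg
    return out

# Constructed sample records modelled on the page's examples (placeholder IDs).
CRN = "crn:v1:bluemix:public:satellite:us-south:a/ACCOUNT_PLACEHOLDER:locationplaceholder01::"
MESSAGES = [
    "Enablement of resource deployment in the location is set false due to "
    "R0012: constructed text. R0025: constructed text.",
    "Endpoint health status: Failed to reach endpoint. Endpoint: http://link.example.invalid:32900",
    "Endpoint health status: Successfully checked endpoint. Endpoint: http://link.example.invalid:32900",
]
SAMPLES = [json.dumps({"logSourceCRN": CRN, "saveServiceCopy": True, "message": m}) for m in MESSAGES]
SAMPLES.append(json.dumps({"logSourceCRN": CRN, "saveServiceCopy": True, "Details": {
    "message": "R0025: constructed text", "errorDetails": "constructed", "messageID": "R0025"}}))
SAMPLES.append("not json")  # constructed malformed line

if __name__ == "__main__":
    print(*map(classify, SAMPLES), sep="\n")
```

Records that come back as `unknown` or `unparsed` are worth reviewing by hand, because they do not match any of the three documented log types.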
Setting up Activity Tracker for Satellite location events
To track how users and applications interact with your Satellite location, IBM Cloud Satellite automatically generates user-initiated management events and forwards these event logs to IBM Cloud® Activity Tracker.
To access these logs, provision an instance of IBM Cloud Activity Tracker in the same region that your location is managed from. For more information about the types of Satellite events that you can track, see Auditing events for Satellite.
Setting up logging for clusters
To understand and set up logging for Red Hat OpenShift clusters that run in your Satellite location, see the tutorials in the IBM Log Analysis documentation.
You cannot currently use the Red Hat OpenShift on IBM Cloud console or the observability plug-in CLI (`ibmcloud ob`) to enable logging for Satellite clusters. You must manually deploy logging agents to your cluster to forward logs to Log Analysis.
Enabling a logging instance in your cluster
To enable a logging instance in your Satellite cluster, you must manually install the logging agent in the cluster.
- Create a new logging instance or locate an existing one that you want to install in your cluster. The logging instance must be in the same region where your cluster's Satellite location is managed from.
- From the Logging page, click on the logging instance.
- Click on Logging sources and navigate to the Red Hat OpenShift tab.
- Follow the instructions in the Red Hat OpenShift tab to install the logging agent. Step 5 Install the OpenShift DaemonSet mentions YAML files for Public Endpoint and Private Endpoint. You can manually edit those YAML files (`agent-resources-openshift.yaml` and `agent-resources-openshift-private.yaml`) to use the `satellite-logdna` link endpoint address so that you don't need to open up new firewall rules.