Set Up Continuous Log Collection From Your Hosts
To continuously collect log data from your entities, install the Management Agent on your host. Before that, ensure that you have completed the prerequisite tasks for using the Management Agents.
Topics:
Permission Required for Setting Up Continuous Log Collection
When you perform the prerequisites for deploying Management Agents in the step Install Management Agents, you will create the required compartment, user group for Logging Analytics users, and create IAM policies to install the Management Agents. As part of the prerequisites, ensure that the following policies are created for your user group:
ALLOW GROUP Logging-Analytics-User-Group TO MANAGE management-agents IN COMPARTMENT <compartment_name>
ALLOW GROUP Logging-Analytics-User-Group to MANAGE management-agent-install-keys IN TENANCY
ALLOW GROUP Logging-Analytics-User-Group TO READ METRICS IN COMPARTMENT <compartment_name>
ALLOW GROUP Logging-Analytics-User-Group TO READ USERS IN TENANCY
In the above example policy statements, Logging-Analytics-User-Group
is
an example user group.
Also, create a dynamic group for the Management Agents if it already doesn't
exist, for example Management-Agent-Dynamic-Group
:
ALL {resource.type='managementagent', resource.compartment.id='<management_agent_compartment_OCID>'}
Create IAM policies for Management-Agent-Dynamic-Group
to
enable log collection and metrics generation:
ALLOW DYNAMIC-GROUP Management-Agent-Dynamic-Group TO USE METRICS IN TENANCY
ALLOW DYNAMIC-GROUP Management-Agent-Dynamic-Group TO {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} IN TENANCY
Grant READ Access of the Logs to the Agent User on Your Host
While deploying the management agents for using Oracle Cloud Logging Analytics on UNIX-based hosts, ensure that the management agent has the correct privileges to read the log files from where data has to be collected.
You can use one of the following ways (in order of best practice) to make the log files readable to the management agent:
-
Use Access Control Lists (ACLs) to enable the cloud agent user to read the log file path and log files. An ACL provides a flexible permission mechanism for file systems. Ensure that the full path to the log files is readable through the ACL.
To set up an ACL in a UNIX-based host:
-
Determine whether the system that contains the log files has the
acl
package:rpm -q acl
If the system contains the
acl
package, then the previous command should return:acl-2.2.39-8.el5
If the system doesn’t have the
acl
package, then download and install the package. -
Grant the management agent user READ access to the required log file:
setfacl -m u:<agentuser>:r <path to the log file/log file name>
Grant the cloud agent user READ access to the leading path or folders by running the following command:
setfacl -R -m u:<agentuser>:r <path to the parent folder of the log file>
-
-
Place the management agent and the product that generates the logs in the same user group, and make the files readable to the entire group. Restart the agent.
-
Make the log files readable to all users. For example,
chmod o+r <file>
.You may have to give executable permission to the parent folders. For example,
chmod o+rx <parent folder>
.
Install Management Agents
See Oracle Management Agents Documentation to complete the following tasks:
-
Perform prerequisites for deploying Management Agents
-
Install Management Agent
After you install the Management Agent, complete the following Logging Analytics specific tasks to start the log collection:
-
Map your entities to your agent: Create your entities and select the Management Agent that was installed to associate the agent with this entity. See Create an Entity to Represent Your Log-Emitting Resource. You can also edit an existing entity and add the agent.
The management agent connects to the following endpoints for Oracle Cloud Logging Analytics operations:
- Upload the logs and log collection warning:
https://loganalytics.<region>.oci.oraclecloud.com/<additional_part_pertaining_to_the_operation>
- Metrics:
https://telemetry-ingestion.<region>.oraclecloud.com/<additional_part_pertaining_to_the_operation>
In the above endpoints, region
is the identifier
for your region, for example, us-ashburn-1
.
Monitor Your Continuous Log Collection
After you complete the set up for continuous log collection, the Management Agent installed on your host emits information about the size of log data that it is uploading to Logging Analytics and errors encountered, if any.
This data is displayed for each log source with the following agent log collection metrics:
-
Agent Data Upload Size (
logCollectionUploadDataSize
): The size of the log data collected through the Management Agent for each log source. -
Agent Data Upload Errors (
logCollectionUploadFailureCount
): The count of errors occurred for each log source during the log collection and the type of errors.
To access the Agent Data Upload Size and Agent Data Upload Errors metrics, see Monitor Logging Analytics Using Service Metrics.
To modify the filters applied on the metrics data, you can view the metrics in the metrics explorer and change the metrics dimensions:
-
Click the Options menu on the top right corner of the agent log collection metric, and select View in Metric Explorer.
The metric is now displayed in the Metrics Explorer. Here, you can view the chart in finer detail.
-
Click Edit Queries and select Dimension Name and Dimension Value for the metric. For example, if you want to view the upload data size for a specific host
host123
, then select the metric namelogCollectionUploadDataSize
, dimension name asagentHostName
and the dimension value ashost123
.Click Update Chart to refresh the chart visualization. The chart will now display only the upload data size for the specified host.
Similarly, if you want to view the number of upload errors encountered of the type
LogGroupPolicyError
, then select the metric namelogCollectionUploadFailureCount
, dimension name aserrorCode
and the dimension value asLogGroupPolicyError
.Click Update Chart to refresh the chart visualization. The chart will now display the count of upload errors of the specified type for the specified period.
You can switch to the Data Table view for a tabular representation of the data points in the metrics.
Following are the dimensions available to filter the metric data:
Dimension | Metrics | Details |
---|---|---|
agentHostName |
logCollectionUploadDataSize ,
logCollectionUploadFailureCount |
The name of the host on which Management Agent is installed |
logGroup |
logCollectionUploadDataSize ,
logCollectionUploadFailureCount |
The log group in which the log collection happens |
logSourceType |
logCollectionUploadDataSize ,
logCollectionUploadFailureCount |
The log source type, which can be
|
resourceId |
logCollectionUploadDataSize ,
logCollectionUploadFailureCount |
The OCID of the Management Agent |
errorCode |
logCollectionUploadFailureCount |
The error reported by the Management Agent |
Following are the various types of errors reported by the Management Agent in
the logCollectionUploadFailureCount
metric for the dimension
errorCode
:
Error Type | Description | Recommended Fix |
---|---|---|
|
Occurs due to authorization failure during log upload. This is caused by incorrect IAM policies. HTTP status code: 404 |
Check the IAM policies you created for enabling continuous log collection and verify that the required permissions are given. See Permission Required for Setting Up Continuous Log Collection. |
|
Occurs when the Management Agent sends request with incorrect parameters. HTTP status code: 400 |
Contact Oracle Support with the Error Type information. |
|
Occurs when the Management Agent sends request with incorrect signature. HTTP status code: 401 |
|
|
Occurs when the Management Agent sends request with a payload which is larger than expected. HTTP status code: 413 |
|
TooManyRequests |
Occurs when the Management Agent sends requests which are more in number than what is defined in the endpoint configuration. HTTP status code: 429 |
|
InternalError |
Occurs when an unexpected exception crops up in the Management Agent. HTTP status code: 500 |
|
HTTP Error Code <error code> |
All other unexpected error codes returned on the log upload endpoint. |
For the actions that you can perform with each metric, see Actions for Service Metrics.