This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

  • 1:
    • 2:
      • 3:

        Manage Agent Log Levels

        Sysdig allows you to configure file log levels for agents globally and granularly.

        1 -

        Change Agent Log Level Globally

        The Sysdig agent generates log entries in /opt/draios/logs/draios.log. The agent will rotate the log file when it reaches 10MB in size, keeping the 10 most recent log files archived with a date-stamp appended to the filename.

        In order of increasing detail, the log levels available are: [ none | critical| error | warning |notice | info | debug | trace ].

        The default level (info) creates an entry for each aggregated metrics transmission to the backend servers, once per second, in addition to entries for any warnings and errors.

        Setting the value lower than info may prohibit troubleshooting agent-related issues.

        The type and amount of logging can be changed by adding parameters and log level arguments shown below to the agent’s user settings configuration file here:

        /opt/draios/etc/dragent.yaml

        After editing the dragent.yaml file, restart the agent at the shell with: service dragent restart to affect changes.

        Note that dragent.yaml code can be written in both YAML and JSON. The examples below use YAML.

        File Log Level

        When troubleshooting agent behavior, increase the logging to debug for full detail:

        log:
          file_priority: debug
        

        If you wish to reduce log messages going to the /opt/draios/logs/draios.log file, add the log: parameter with one of the following arguments under it and indented two spaces: [ none | error | warning | info | debug | trace ]

        log:
          file_priority: error
        

        Container Console Logging

        If you are running the containerized agent, you can also reduce container console output by adding the additional parameter console_priority:with the same arguments [ none | error | warning | info | debug | trace ]

        log:
          console_priority: warning
        

        Note that troubleshooting a host with less than the default ‘info’ level will be more difficult or not possible. You should revert to ‘info’ when you are done troubleshooting the agent.

        A level of ‘error’ will generate the fewest log entries, a level of ‘trace’ will give the most, ‘info’ is the default if no entry exists.

        Example in dragent.yaml

        customerid: 831f3-Your-Access-Key-9401
        tags: local:sf,acct:eng,svc:websvr
        log:
         file_priority: warning
         console_priority: info
        

        OR

        customerid: 831f3-Your-Access-Key-9401
        tags: local:sf,acct:eng,svc:websvr
        log: { file_priority: debug, console_priority: debug }
        

        Docker run command

        If you are using the “ADDITIONAL_CONF” parameter to start a Docker containerized agent, you would specify this entry in the Docker run command:

        -e ADDITIONAL_CONF=“log:  { file_priority: error, console_priority: none }”
        -e ADDITIONAL_CONF="log:\n  file_priority: error\n  console_priority: none"
        

        Kubernetes Infrastructure

        When running in a Kubernetes infrastructure (installed using the v1 method, comment in the “ADDITIONAL_CONF” line in the agent sysdig-daemonset.yaml manifest file, and modify as needed:

        - name: ADDITIONAL_CONF #OPTIONAL pass additional parameters to the agent
          value: "log:\n file_priority: debug\n console_priority: error"
        
        

        2 -

        Manage File Logging for Agent Components

        Sysdig Agent provides the ability to set component-wise log levels that override the global file logging level controlled by the file_priority configuration option. The components represent internal software modules and can be found in /opt/draios/logs/draios.log.

        By controlling logging at the fine-grained component level, you can avoid excessive logging from certain components in draios.log or enable extra logging from specific components for troubleshooting.

        To set component-level logging:

        1. Determine the agent component you want to set the log level:

          To do so,

          1. Open the /opt/draios/logs/draios.log file.

          2. Copy the component name.

            The format of the log entry is:

            <timestamp>, <<pid>.<tid>>, <log level>, <component>[pid]:[line]: <message>
            

            For example, the given snippet from a sample log file shows log messages from sdjagent, mountedfs_reader, watchdog_runnable, protobuf_file_emitter, connection_manager, and dragent.

            2020-09-07 17:56:01.173, 27979.28018, Information, sdjagent[27980]: Java classpath: /opt/draios/share/sdjagent.jar
            2020-09-07 17:56:01.173, 27979.28018, Information, mountedfs_reader: Starting mounted_fs_reader with pid 27984
            2020-09-07 17:56:01.174, 27979.28019, Information, watchdog_runnable:105: connection_manager starting
            2020-09-07 17:56:01.174, 27979.28019, Information, protobuf_file_emitter:64: Will save protobufs for all message types
            2020-09-07 17:56:01.174, 27979.28019, Information, connection_manager:282: Initiating connection to collector
            2020-09-07 17:56:01.175, 27979.27979, Information, dragent:1243: Created Sysdig inspector
            
        2. Open /opt/draios/etc/dragent.yaml.

        3. Edit the dragent.yaml file and add the desired components:

          In this example, you are setting the global level to notice and component log levels for sdjagent, watchdog_runnable, protobuf_file_emitter, and connection_manager.

          log:
            file_priority: notice
            file_priority_by_component:
              - "connection_manager: debug"
              - "protobuf_file_emitter: notice"
              - "watchdog_runnable: warning"
              - "sdjagent: error"
          

          The log levels specified for components override global settings.

        4. Restart the agent.

          For example, if you have installed the agent as a service, then run:

          $ service dragent restart
          
          

        3 -

        Manage Console Logging for Agent Components

        Sysdig Agent provides the ability to set component-wise log levels that override the global console logging level controlled by the console_priority configuration option. The components represent internal software modules and can be found in /opt/draios/logs/draios.log.

        By controlling logging at the fine-grained component level, you can avoid excessive logging from certain components in draios.log or enable extra logging from specific components for troubleshooting.

        To set component-level logging:

        1. Determine the agent component you want to set the log level:

          To do so,

          1. Look at the console output.

            If you’re using an orchestrator like Kubernetes, the log viewer facility, such as the kubectl log command, shows the console log output.

          2. Copy the component name.

            The format of the log entry is:

            <timestamp>, <<pid>.<tid>>, <log level>, <component>[pid]:[line]: <message>
            

            For example, the given snippet from a sample log file shows log messages from sdjagent, mountedfs_reader, watchdog_runnable, protobuf_file_emitter, connection_manager, and dragent.

            2020-09-07 17:56:01.173, 27979.28018, Information, sdjagent[27980]: Java classpath: /opt/draios/share/sdjagent.jar
            2020-09-07 17:56:01.173, 27979.28018, Information, mountedfs_reader: Starting mounted_fs_reader with pid 27984
            2020-09-07 17:56:01.174, 27979.28019, Information, watchdog_runnable:105: connection_manager starting
            2020-09-07 17:56:01.174, 27979.28019, Information, protobuf_file_emitter:64: Will save protobufs for all message types
            2020-09-07 17:56:01.174, 27979.28019, Information, connection_manager:282: Initiating connection to collector
            2020-09-07 17:56:01.175, 27979.27979, Information, dragent:1243: Created Sysdig inspector
            
        2. Open /opt/draios/etc/dragent.yaml.

        3. Edit the dragent.yaml file and add the desired components:

          In this example, you are setting the global level to notice and component log levels for sdjagent, watchdog_runnable, protobuf_file_emitter, and connection_manager.

          log:
            console_priority: notice
            console_priority_by_component:
              - "connection_manager: debug"
              - "protobuf_file_emitter: notice"
              - "watchdog_runnable: warning"
              - "sdjagent: error"
          

          The log levels specified for components override global settings.

        4. Restart the agent.

          For example, if you have installed the agent as a service, then run:

          $ service dragent restart