Unable to obtain network-acl logs

wangpengyan0 · May 14, 2024, 6:55am

When I want to send OVN logs to incus, I follow the documentation to configure it, but currently I cannot find the ovn logs in loki.
These are the relevant configurations of the cluster

root@hci01:~# incus  config show
config:
  cluster.https_address: hci01.service:8443
  core.https_address: hci01.service:8443
  core.syslog_socket: "true"
  loki.api.url: http://172.31.30.129:3100
  loki.instance: incus:clus-szqFwZzof1
  loki.types: lifecycle,logging,network-acl
  network.ovn.northbound_connection: tcp:172.31.30.129:6641,tcp:172.31.30.130:6641,tcp:172.31.30.131:6641

root@hci01:~# cat /etc/default/ovn-host
# This is a POSIX shell fragment                -*- sh -*-

# OVN_CTL_OPTS: Extra options to pass to ovs-ctl.  This is, for example,
# a suitable place to specify --ovn-controller-wrapper=valgrind.
# OVN_CTL_OPTS=
OVN_CTL_OPTS=" \
       --ovn-controller-log='-vsyslog:info --syslog-method=unix:/var/lib/incus/syslog.socket'"

root@hci01:~# cat /etc/default/ovn-central
# This is a POSIX shell fragment                -*- sh -*-

# OVN_CTL_OPTS: Extra options to pass to ovs-ctl.  This is, for example,
# a suitable place to specify --ovn-northd-wrapper=valgrind.
# OVN_CTL_OPTS=
OVN_CTL_OPTS=" \
     --db-nb-addr=172.31.30.129 \
     --db-nb-create-insecure-remote=yes \
     --db-sb-addr=172.31.30.129 \
     --db-sb-create-insecure-remote=yes \
     --db-nb-cluster-local-addr=172.31.30.129 \
     --db-sb-cluster-local-addr=172.31.30.129 \
     --ovn-northd-log='-vsyslog:info --syslog-method=unix:/var/lib/incus/syslog.socket' \
     --ovn-nb-log='-vsyslog:info --syslog-method=unix:/var/lib/incus/syslog.socket' \
     --ovn-sb-log='-vsyslog:info --syslog-method=unix:/var/lib/incus/syslog.socket' \
     --ovn-northd-nb-db=tcp:172.31.30.129:6641,tcp:172.31.30.130:6641,tcp:172.31.30.131:6641 \
     --ovn-northd-sb-db=tcp:172.31.30.129:6642,tcp:172.31.30.130:6642,tcp:172.31.30.131:6642"

result

root@hci01:~# incus monitor --type=network-acls

I can’t find the logs of network-acl and ovn on grafana, the types shown here are only lifecycle and logging.
What else do I need to do? Hope to get your reply.

chenchen · May 20, 2024, 7:35am

I also have a question about How to collect logs of ovn cluster. My original plan was to use a project from github and which name is ovn-exporter ,this project can collect a very small amount of metrics provided by ovs and prometheus will pull it. but after i read this：
Send OVN logs to Incus

I also plan to use the official method provided by incus.Then I encountered the same problem and it seemed that the logs were not sent to loki.

And my another question is what is the function of network-acls type, does it only record acl for ovn logs or will any ovn related operations be logged?

stgraber · May 21, 2024, 3:28am

It only forwards ACL events from OVN to LOKI, for general (non-ACL related) OVN log messages to be forwarded, you’d probably just want all host system logs captured by something like promtail.

chenchen · May 22, 2024, 3:19am

OK, thank you for your answer.