How to retrieve the System logs using cURL command?
Hi Community,
Is there any option available to retrieve the System logs using cURL command in the shell script?
Kindly let me know if there is any option available.
Appreciate your support.
Thanks,
Rahul.
Best Answers
-
Ha! Once in my lifetime, I can add information on an answer from @Aaron :-)
It is possible to retrieve logs via SEMP.
Something like:
curl -u admin:admin -d '<rpc><show><log><event></event></log></show></rpc>' https://mr-abcd:943/SEMP
- You have to use the management port (and protocol) to your broker.
- You have to use a valid user (can even be read only)
- There are only the newest 1000 log lines available
The restriction to "1000 log lines available" is so important, that I fully agree with Aaron to use an external syslog server, if possible.
Uli
P.S.: If you ever wanted to know, where to get the XML-SEMP commands for SEMPv1:
In the solace container, there is a tool "cli-to-semp".
Just try it with
cli-to-semp "show client-profile *"1 -
Haha @uherbst..! Yup, you got the green tick mark! Nice. Ok, now let me add a bit on your answer..! 😉
For completeness @techrahul95, and if you need them: here are some of my Solace Syslog config files. They're not perfect, but they're pretty close. https://github.com/aaron-613/solace-logging-config
Using SEMPv1 to pull the logs with
curlis good, but not ideal. Especially if you have a massive log file. Now, you CAN actually specify the number of lines you want... not limited to the last 1000. This will return the last 2000 lines. (not sure how many you can specify before things break haha) (SEMPv1 has a maximum return payload size of 32MB)<rpc> <show> <log> <event> <lines/> <num-lines>2000</num-lines> </event> </log> </show> </rpc>Alternatively, if you don't want to use an external logging server with Syslog, you could copy the event log file off the broker. But you'll need to make a special
file-transfertype username:solace102> en solace102# con solace102(configure)# create username ft password pw file-transfer solace102(configure/username)# exit solace102(configure)# solace102(configure)# show username * Configured Users User Type Global Default VPN Access Level Access Level -------------------------------- ------------- ------------ ------------- admin cli admin none ft file-transfer
This will allow you to copy files off the shell, off the control plane. From your Linux shell, or using your favourite SFTP program:
scp -P 2222 ft@localhost:/logs/event.log .
Note the port 2222 for SSH access on the software broker. Then the file-transfer type users have their file root as
/usr/sw/jail/so that's why the path is/logs/and not the full path.Anyhow! There's some extra info and ways of grabbing the event log (or system or command logs).
1 -
Hi @techrahul95... I think you misunderstood me, or I'm misunderstanding you. So just want to be clear:
- Using an external Syslog server you can have as many lines as you want. You could keep years' worth of logs.
- Using the SEMPv1 command above, you can ask for 10000 or 50000 lines if you want. Just be warned that you can't (probably) ask for a million or something. But I don't think there's a configured maximum. The "2000" above was just showing an example.
Obviously the external Syslog server is the best option, as you don't have to query the broker any time you want to look at log files.
Glad to have helped..!
1
Answers
-
Hi @techrahul95, can I ask what form factor your broker is? Software, hardware, Docker, Cloud, etc..? Typically you would login to the shell/control plane of the broker and either view or copy the log files directly from there; they are located in folder
/usr/sw/jail/logs/Another option is to setup an external Syslog server, and point your PubSub+ broker to that. I have some config files for rsyslog and syslog-ng if you'd be interested in that. Can even use a free tier AWS EC2 instance for a "free" logging server.
0 -
Ha! Once in my lifetime, I can add information on an answer from @Aaron :-)
It is possible to retrieve logs via SEMP.
Something like:
curl -u admin:admin -d '<rpc><show><log><event></event></log></show></rpc>' https://mr-abcd:943/SEMP
- You have to use the management port (and protocol) to your broker.
- You have to use a valid user (can even be read only)
- There are only the newest 1000 log lines available
The restriction to "1000 log lines available" is so important, that I fully agree with Aaron to use an external syslog server, if possible.
Uli
P.S.: If you ever wanted to know, where to get the XML-SEMP commands for SEMPv1:
In the solace container, there is a tool "cli-to-semp".
Just try it with
cli-to-semp "show client-profile *"1 -
-
Haha @uherbst..! Yup, you got the green tick mark! Nice. Ok, now let me add a bit on your answer..! 😉
For completeness @techrahul95, and if you need them: here are some of my Solace Syslog config files. They're not perfect, but they're pretty close. https://github.com/aaron-613/solace-logging-config
Using SEMPv1 to pull the logs with
curlis good, but not ideal. Especially if you have a massive log file. Now, you CAN actually specify the number of lines you want... not limited to the last 1000. This will return the last 2000 lines. (not sure how many you can specify before things break haha) (SEMPv1 has a maximum return payload size of 32MB)<rpc> <show> <log> <event> <lines/> <num-lines>2000</num-lines> </event> </log> </show> </rpc>Alternatively, if you don't want to use an external logging server with Syslog, you could copy the event log file off the broker. But you'll need to make a special
file-transfertype username:solace102> en solace102# con solace102(configure)# create username ft password pw file-transfer solace102(configure/username)# exit solace102(configure)# solace102(configure)# show username * Configured Users User Type Global Default VPN Access Level Access Level -------------------------------- ------------- ------------ ------------- admin cli admin none ft file-transfer
This will allow you to copy files off the shell, off the control plane. From your Linux shell, or using your favourite SFTP program:
scp -P 2222 ft@localhost:/logs/event.log .
Note the port 2222 for SSH access on the software broker. Then the file-transfer type users have their file root as
/usr/sw/jail/so that's why the path is/logs/and not the full path.Anyhow! There's some extra info and ways of grabbing the event log (or system or command logs).
1 -
Thanks @Aaron. I have checked the repository. it is awesome 😃.
I have understood that we can get maximum of 2000 lines of system logs but as for my use case it is not ideal. I will definitely check it out with SEMP v1 command.
Appreciated your support.
Regards,
Rahul
0 -
Hi @techrahul95... I think you misunderstood me, or I'm misunderstanding you. So just want to be clear:
- Using an external Syslog server you can have as many lines as you want. You could keep years' worth of logs.
- Using the SEMPv1 command above, you can ask for 10000 or 50000 lines if you want. Just be warned that you can't (probably) ask for a million or something. But I don't think there's a configured maximum. The "2000" above was just showing an example.
Obviously the external Syslog server is the best option, as you don't have to query the broker any time you want to look at log files.
Glad to have helped..!
1 -
Thanks for the detailed insights @Aaron. I got your points clearly.
Appreciated a lot. 🙂
0
