Daemon logs are generated on the appliances and can either be downloaded when required or exported.
They will typically be used when troubleshooting; this might be an Appliance that is misbehaving or a user who is having connectivity issues. Information about using journalctl to view these log records can be found in Appliance troubleshooting.
Daemon logs
Daemon logs are written to the journal locally within each appliance using journald. journald manages the storage, the amount allocated depending on the size of the disk specified. The allocated amount is made up of a variable amount equal to 10% of disk size excluding the fixed journald allocation, added to the fixed journald allocation (which is 3.2GB). So a 32GB disk would be allocated 6.08GB in total. When the allocation is all used up the oldest records are removed.
Exporting daemon logs using Rsyslog
Each appliance has the ability to export all the logs (audit and daemon) using Rsyslog. There is a 1GB buffer per configured destination - but this should not be considered as log storage and if no Rsyslog destination is available then these logs will be lost. This is the only way to export the daemon logs. To export the appliance logs using Rsyslog, then for each appliance you will need to configure the <Rsyslog Destinations> in Appliances > Miscellaneous. It is also possible to use secure log transfer via RSYSLOG but this requires manual configuration on both ends.
Viewing daemon logs
They can also be downloaded from System > Appliances for examination locally. They are downloaded as a zip archive which you will have to expand.
The first file will be system-info.txt. This can contain some useful information including summaries of the healthchecks the system has been reporting. The logs_by_daemon folder is going to be the main area of interest. The list below summarizes the functions of the different daemons you will see listed in there.
There may be occasions where it is not possible to get the debug logs using the admin UI; for this eventuality there is a local command sudo cz-config collect-logs.
Daemon log levels
Every event which is logged is assigned a severity level, which is an indication of the importance of the event. 'Daemon log level' defines which types of event are stored in the appliance's daemon log. Daemon log level is configured on each appliance - the default setting is 'INFO'.
Daemon log level setting | Description | Events stored - severity levels | ||||
|---|---|---|---|---|---|---|
DEBUG | INFO | WARNING | ERROR | CRITICAL | ||
DEBUG | Debug messages, for running the system in debug mode or for troubleshooting appliances. Remember to reduce the log level setting once troubleshooting has been successful to reduce the disk-writing load on the appliance. | yes | yes | yes | yes | yes |
INFO | Normal activity events, such as user sign-ins, starting/stopping of IP access. Default setting for debug log levels. | yes | yes | yes | yes | |
WARNING | Non-systematic errors, such as erroneous packets received, or maximum number of connections reached. May be sufficient event logging for mature systems that have been running successfully. | yes | yes | yes | ||
ERROR | Systematic errors, such as a syntax error while parsing an expression. May be sufficient event logging for mature systems that have been running successfully. | yes | yes | |||
CRITICAL | Critical errors, such as Appgate SDP could not read a configuration file. Should be acted upon immediately. May be sufficient event logging for mature systems that have been running successfully. | yes | ||||
Changing a daemon log level
You may need to change daemon log level in order to:
Run the appliance in DEBUG mode for troubleshooting
Manage the performance of an appliance by running the system in WARNING, ERROR or CRITICAL mode to reduce disk-writing load.
To change the daemon log level on an appliance, log into the appliance using SSH. Run cz-setup using the command: sudo cz-setup. You will see the following menu:
Select <Change log levels> to access the list of log daemons and change the settings as required:
