Skip to content

Commit

Permalink
Adding in log level support to troubleshooting page per usage documen…
Browse files Browse the repository at this point in the history 
…t. Tied to NVSHAS-7687.

Signed-off-by: Sunil Singh <[email protected]>
  • Loading branch information
@sunilarjun
sunilarjun committed Jan 10, 2025
1 parent 4200556 commit c510a63
Show file tree
Hide file tree
Showing 2 changed files with 184 additions and 2 deletions.
93 changes: 92 additions & 1 deletion docs/12.troubleshooting/01.troubleshooting/01.troubleshooting.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,98 @@ kubectl get events -n neuvector

The support log contains additional information which is useful for NeuVector Support, including system configuration, containers, policies, notifications, and NeuVector container details.

To download the support log, go to Settings -> Configuration and select Collect Log.
To download the support log, go to Settings -> Configuration and select Collect Log.

### Set Logging Severity Levels

The enforcer and controller support four log levels that can be set: error, warn, info, debug. The log level can be set via Helm chart or deployment YAML during installation, or they can be set during runtime via the command-line. After the log level is set, only specific logs are displayed in the enforcer or controller log.

#### Setting Options

+ To set the log level via Helm chart or deployment YAML during installation time:

Reuse the variable `CTRL_PATH_DEBUG` for both the enforcer and controller general log to set the log level value(error, warn, info, debug).

+ If the value is "error": The log level is set to "ERRO"; only "ERRO" log is displayed, and "WARN", "INFO", and "DEBU" logs will not be displayed.
+ If the value is "warn": The log level is set to "WARN"; only "WARN" and "ERRO" logs are displayed, and "INFO", and "DEBU" logs will not be displayed.
+ If the value is "info": The log level is set to "INFO"; only "INFO", "WARN", and "ERRO" logs are displayed, and "DEBU" log will not be displayed.
+ If the value is empty (if the command-line only has the option without the value), or if the input is "1", "e", "y", "Y", "t", "T", or if the input is "debug": The log level is set to "DEBU", and "DEBU", "INFO", "WARN", and "ERRO" logs are displayed.
+ If the value is anything else: The log level is set to "INFO"; only "INFO", "WARN", and "ERRO" logs are displayed, and the "DEBU" log will not be displayed.
+ To set the log level using the command-line during runtime:

Set the log level for specific enforcer or controller:
Command:

```shell
set {enforcer|controller} {ID_OR_NAME} log_level {error|warn|info|debug}
```

Example:

```shell
admin#127.0.0.1> set enforcer 470465277a36 log_level debug
admin#127.0.0.1> show enforcer setting 470465277a36
+-----------+-------+
| Field | Value |
+-----------+-------+
| log_level | debug |
| debug | cpath |
+-----------+-------+
( default debug level setting will only set the cpath category)
```

Set the system log level for all enforcers or controllers:

Command:

```shell
set system log_level {enforcers|controllers} {error|warn|info|debug}
```

Example:

```shell
admin#127.0.0.1> set system log_level enforcers error
admin#127.0.0.1> show enforcer setting 470465277a36
+-----------+-------+
| Field | Value |
+-----------+-------+
| log_level | error |
| debug | |
+-----------+-------+
(if the log level is "debug", the log display will be dependent on the category)
```

#### Example

Set the `CTRL_PATH_DEBUG` to “debug” in the enforcer YAML and then deploy the enforcer:

```YAML
containers:
- env:
- name: ENF_MONITOR_TRACE
value: "1"
- name: CLUSTER_JOIN_ADDR
value: neuvector-svc-controller.neuvector
- name: CLUSTER_ADVERTISED_ADDR
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: CTRL_PATH_DEBUG
value: "debug"
```

The below logs can be displayed in the enforcer log with an example command:

```shell
k logs -f {ENFORCER_ID} -n neuvector | grep "|DEBU|AGT| \ | |INFO|AGT| \ | |WARN|AGT|\|ERRO|AGT|"
```

+ |ERRO|AGT|
+ |WARN|AGT|
+ |INFO|AGT|
+ |DEBU|AGT|

### Using the CLI to turn on Debug Mode

Expand Down
93 changes: 92 additions & 1 deletion ...ed_docs/version-5.4/12.troubleshooting/01.troubleshooting/01.troubleshooting.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,98 @@ kubectl get events -n neuvector

The support log contains additional information which is useful for NeuVector Support, including system configuration, containers, policies, notifications, and NeuVector container details.

To download the support log, go to Settings -> Configuration and select Collect Log.
To download the support log, go to Settings -> Configuration and select Collect Log.

### Set Logging Severity Levels

The enforcer and controller support four log levels that can be set: error, warn, info, debug. The log level can be set via Helm chart or deployment YAML during installation, or they can be set during runtime via the command-line. After the log level is set, only specific logs are displayed in the enforcer or controller log.

#### Setting Options

+ To set the log level via Helm chart or deployment YAML during installation time:

Reuse the variable `CTRL_PATH_DEBUG` for both the enforcer and controller general log to set the log level value(error, warn, info, debug).

+ If the value is "error": The log level is set to "ERRO"; only "ERRO" log is displayed, and "WARN", "INFO", and "DEBU" logs will not be displayed.
+ If the value is "warn": The log level is set to "WARN"; only "WARN" and "ERRO" logs are displayed, and "INFO", and "DEBU" logs will not be displayed.
+ If the value is "info": The log level is set to "INFO"; only "INFO", "WARN", and "ERRO" logs are displayed, and "DEBU" log will not be displayed.
+ If the value is empty (if the command-line only has the option without the value), or if the input is "1", "e", "y", "Y", "t", "T", or if the input is "debug": The log level is set to "DEBU", and "DEBU", "INFO", "WARN", and "ERRO" logs are displayed.
+ If the value is anything else: The log level is set to "INFO"; only "INFO", "WARN", and "ERRO" logs are displayed, and the "DEBU" log will not be displayed.
+ To set the log level using the command-line during runtime:

Set the log level for specific enforcer or controller:
Command:

```shell
set {enforcer|controller} {ID_OR_NAME} log_level {error|warn|info|debug}
```

Example:

```shell
admin#127.0.0.1> set enforcer 470465277a36 log_level debug
admin#127.0.0.1> show enforcer setting 470465277a36
+-----------+-------+
| Field | Value |
+-----------+-------+
| log_level | debug |
| debug | cpath |
+-----------+-------+
( default debug level setting will only set the cpath category)
```

Set the system log level for all enforcers or controllers:

Command:

```shell
set system log_level {enforcers|controllers} {error|warn|info|debug}
```

Example:

```shell
admin#127.0.0.1> set system log_level enforcers error
admin#127.0.0.1> show enforcer setting 470465277a36
+-----------+-------+
| Field | Value |
+-----------+-------+
| log_level | error |
| debug | |
+-----------+-------+
(if the log level is "debug", the log display will be dependent on the category)
```

#### Example

Set the `CTRL_PATH_DEBUG` to “debug” in the enforcer YAML and then deploy the enforcer:

```YAML
containers:
- env:
- name: ENF_MONITOR_TRACE
value: "1"
- name: CLUSTER_JOIN_ADDR
value: neuvector-svc-controller.neuvector
- name: CLUSTER_ADVERTISED_ADDR
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: CTRL_PATH_DEBUG
value: "debug"
```

The below logs can be displayed in the enforcer log with an example command:

```shell
k logs -f {ENFORCER_ID} -n neuvector | grep "|DEBU|AGT| \ | |INFO|AGT| \ | |WARN|AGT|\|ERRO|AGT|"
```

+ |ERRO|AGT|
+ |WARN|AGT|
+ |INFO|AGT|
+ |DEBU|AGT|

### Using the CLI to turn on Debug Mode

Expand Down

0 comments on commit c510a63

Please sign in to comment.