Downloading a Log Bundle

Update: The Downloading a Log Bundle support tool has been updated in Lumeta 4.1 to display better in Internet Explorer browser. Also, you can now download database (-d) and spool (-c) files. You can download the most frequently used log files from the browser interface, download the heap dump, and specify the types of log files you want to download.

CLI and API commands for this support bundle are also available. See Essential CLI Procedures and Lumeta API Calls for the syntax. 

This command downloads Lumeta's current configuration and a running list of all Lumeta system activity. The resulting log file is especially useful in troubleshooting. See Lumeta API Calls and Essential CLI Procedures for API and CLI commands. 

To download a log bundle:

1. Click Download in Settings > Support Tools > Download Log Bundle. 
2. The database, spool files, and heap log are not download by default. But you can opt to include them by selecting the checkbox options for them.  

Information about what's included in the log bundle follows:

1. lumeta-webapp.out - This is the main log file for Lumeta services.
2. lumeta-webapp-console.log - Console logs for the lumeta webapp service.
3. /var/log/lumeta-queries.log - All query timings are sent to the /var/log/lumeta-queries.log by default. No need to set log levels. Qery timings are not sent to lumeta-webapp.out or discovery-agent.log.
4. /var/log/httpd/error_log - Records of all error conditions reported by the HTTP server. Use it to better understand connection issues.
5. /var/log/httpd/access_log: Records of every page served and every file loaded by the web server
6. /var/log/httpd/modsec_audit.log: Logs all HTTP transactions
7. These 4 logs capture the lumeta-warehouse information:
   1. lumeta-warehouse.out
   2. lumeta-warehouse-queries.log
   3. lumeta-warehouse-pgwire.log
   4. lumeta-warehouse-console.log

8. Other Logs - Other files in /var/logs are native Linux or 3rd-party log files. Important ones are listed here:

   Log Name	Log Description
   anaconda.*	Installation-related log files
   audit/	Logs from Linux audit daemon
   boot.log	Information logged when the system boots
   btmp	Failed logins
   dmesg	Kernal ring buffer information
   kern	Information logged by the kernel
   lastlog	Recent login information for all users
   messages	Global system messages
   sa/	Sar files collected by sysstat
   secure	Authentication and authorization logs
   syslog-ng.log	Syslog messages
   wtmp	Login records

Raw Files
The /var/spool/Lumeta/ directory contains all raw files. You can validate that discovery is taking place checking this directory and seeing that the number of files grow.  You can also search for specific IPs in this directory.

Database
To find out what IPs/CIDRs were targeted in a specific zone, follow this process:

1. Log in as root.
2. Run db.
3. Run select * from zone_000x.target in which x is the name of a particular zone.
   The zone_000X.target shows what was targeted and the time it was targeted.

Setting Logging Level Details

To set the log levels for a particular Lumeta service (API, DISCOVERY, SYSLOG) , use this CLI syntax:

• log level set debug service [ subsystem ]


Use the following command to see all SQL queries to the Postgres database.

• log level set debug API com.lumeta.api.sql


The Java Console

Your browser's Java Console provides information about any error message that occurs while running Lumeta applications. These error messages, and additional details associated with them, are also logged in other Lumeta logs.

A Console > Network > GET and Console > Network > POST shows the GUI's response time for a particular mouse click, form submission, etc. (POST) to Lumeta and the GUI response to a particular mouse click, form submission or similar (GET). This information helps in debugging in the unlikely event you do not see the results you intended.

API

 api/rest/system/diagnostic/exports?spool={true|false}&database={true|false}
The parameters spool and database are optional and default to false.