9.3.1. ON Core Logs
Within the ON Core node we can find a large number of logs that can help us understand or detect errors that may arise during system operation.
The main logs to take into account in the ON Core node are:
9.3.1.1. radius.log
This log contains all the information related to user authentications. For example, the results of authentications and authorizations.
Path:
/var/log/radius/radius.log
Example:
Thu Aug 25 10:11:02 2022 : Info: rlm_opennac[callAPI]: {"source":"USER","url":"http://127.0.0.1/api/poleval/userid/monitor/switch/10.250.101.103/port/0/mac//portid/0/sessiondata/%7B%22User-Name%22%3A%22monitor%22%2C%22NAS-IP-Address%22%3A%2210.250.101.103%22%2C%22Event-Timestamp%22%3A%22Aug%2025%202022%2010%3A11%3A02%20CEST%22%7D/timestamp/1661415062590/source_module/radius/apiv/1.2.0","exec_time_sec":0.185500}
Thu Aug 25 10:11:02 2022 : Info: rlm_opennac: {"info_msg":"Access Denied","status_msg":"Policy access denied by rule[Monitor]","auth-type":"USER"}
9.3.1.2. gearmand.log
This log contains all the information related to gearmand’s service operation. Most of the information needed for debugging day to day operations can be found using:
Command:
gearadmin --status
9.3.1.3. mariadb.log
This log contains all the information related to mysql’s service operation. For example, replication files could not be found, or if there is not enough memory available for the service to start or work properly. This information can be found in the file /etc/my.cnf.
Path:
/var/log/mariadb/mariadb.log
Example:
200305 12:48:26 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
200305 12:48:26 InnoDB: Initializing buffer pool, size = 2.0G
9.3.1.4. opennac-admonportal.log
This log contains information related to the Administration Portal’s application.
Path:
/var/log/opennac/opennac-admonportal.log
Example:
Feb 14 10:30:54 LAB0oncore opennac-admonportal[24554]: indexAction id=Common_Query::__set_state(array(#012 'filter' => NULL,#012 'order' => NULL,#012 'offset' => NULL,#012 'limit' => NULL,#012 'count' => false,#012 'groupBy' => NULL,#012 'file' => false,#012))
Feb 14 10:30:54 LAB0oncore opennac-admonportal[24554]: apiCallfromAdmonportal call=GET http://localhost/api/statusinfrastructure?file=0
9.3.1.5. opennac-agent-audit.log
This log contains all the information that OpenNAC Enterprise receives from the ON Agent. This log will also contain detailed information if OpenNAC Enterprise is in debug mode.
Path:
/var/log/opennac/opennac-agent-audit.log
Example:
Feb 10 11:02:19 LAB0oncore opennac-user-agent[14155]: UserAgent [Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15] OS [Mac OS X 10.15.1] Browser [Safari 13.0.3] Device []
Feb 10 11:29:59 LAB0oncore opennac-user-agent[22670]: UserAgent Error [Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)] OS [Other] Browser [Other] Device []
9.3.1.6. opennac-analytics.log
This log contains the information related to the devices. This is stored as JSON. This log is fed to the ON Analytics.
Path:
/var/log/opennac/opennac-analytics.log
Example:
2019-06-03T16:18:42.388124+02:00 localhost opennac-poc-sensor[22861]: {"module":"poleval","uri":"1f4c32ee-716c-11e9-8066-6f6e636f7265","ip":"10.10.18.84","rule":"SNMP Access Allow","userid":"","netdev":"10.10.37.5","netdevport":"05","netdevmac":"00:1C:0E:97:39:81","hostname":"ALVARO-LAPTOP","source":"SNMP","fullsource":"","ssid":"","businessProfiles":[],"mac":"10:7B:44:B7:66:B3","status":2,"statustxt":"LOGOUT","statusmsg":"","trackidevent":"7d576770-860a-11e9-8170-6f6e636f7265","trackid":"c66b0d56-8608-11e9-9f18-6f6e636f7265","sessionid":"10:7B:44:B7:66:B3","tags_on":["BDA_JVC_HA-S20BT","CDT_BAREMETAL","DFP_DESKTOP","DOS_WINDOWS_10","EPT_DESKTOP","IAI_7-ZIP_19.00_X64_EDITION_19.00.00.0","IAI_BACKUP_AND_SYNC_FROM_GOOGLE_3.43.4275.9540","IAI_CITRIX_RECEIVER_14.12.0.18020","IAI_CONTROLADOR_DE_GRFICOS_INTEL_21.20.16.4550","IAI_FORK_-_A_FAST_AND_FRIENDLY_GIT_CLIENT_1.31.1","IAI_GLOBALPROTECT_3.0.3","IAI_GOOGLE_CHROME_74.0.3729.157","IAI_KB2565063","IAI_KB4470502","IAI_KB4470788","IAI_KB4480056","IAI_KB4480979","IAI_KB4489907","IAI_KB4493478","IAI_KB4493510","IAI_KB4495590","IAI_KB4495667","IAI_KB4497932","IAI_KB4499728","IAI_KEEPASSXC_2.3.4","IAI_MICROSOFT_OFFICE_365_BUSINESS_-_ES-ES_16.0.11601.20178","IAI_MICROSOFT_VISUAL_C_2005_REDISTRIBUTABLE_8.0.56336","IAI_MICROSOFT_VISUAL_C_2005_REDISTRIBUTABLE_X64_8.0.56336","IAI_MICROSOFT_VISUAL_C_2008_REDISTRIBUTABLE_-_X64_.17_9.0.30729","IAI_MICROSOFT_VISUAL_C_2008_REDISTRIBUTABLE_-_X86_.17_9.0.30729","IAI_MICROSOFT_VISUAL_C_2010_X64_REDISTRIBUTABLE_-_10.0.40219","IAI_MICROSOFT_VISUAL_C_2010_X86_REDISTRIBUTABLE_-_10.0.40219","IAI_MICROSOFT_VISUAL_C_2012_REDISTRIBUTABLE_X64_-_11.0.61030.0","IAI_MICROSOFT_VISUAL_C_2012_REDISTRIBUTABLE_X86_-_11.0.61030.0","IAI_MICROSOFT_VISUAL_C_2013_REDISTRIBUTABLE_X64_-_12.0.30501.0","IAI_MICROSOFT_VISUAL_C_2013_REDISTRIBUTABLE_X86_-_12.0.30501.0","IAI_MICROSOFT_VISUAL_C_2017_REDISTRIBUTABLE_X64_-_14.12.25810.0","IAI_MICROSOFT_VISUAL_C_2017_REDISTRIBUTABLE_X86_-_14.12.25810.0","IAI_MOBAXTERM_11.1.0.3860","IAI_MOZILLA_FIREFOX_X64_ES-ES_66.0.5","IAI_MOZILLA_MAINTENANCE_SERVICE_66.0.5","IAI_NOTEPAD_32-BIT_X86_7.6.6","IAI_NVIDIA_CONTROLADOR_DE_GRFICOS_419.35","IAI_NVIDIA_SOFTWARE_DEL_SISTEMA_PHYSX_9.19.0218","IAI_OPENVPN_2.4.7.I603","IAI_ORACLE_VM_VIRTUALBOX_6.0.6","IAI_OWNCLOUD_2.5.4.11415","IAI_QBITTORRENT_4.1.5","IAI_REALTEK_HIGH_DEFINITION_AUDIO_DRIVER_6.0.1.8254","IAI_SPOTIFY_1.1.6.113.GB388FE17","IAI_TAP-WINDOWS_9.21.2","IAI_VLC_MEDIA_PLAYER_3.0.6","IAI_ZOOM_4.3.46560","ISS_AS_ENABLED","ISS_AS_STATUS","ISS_AS_UPDATE","ISS_AV_ENABLED","ISS_AV_STATUS","ISS_AV_UPDATE","ISS_FW_ENABLED","ISS_FW_STATUS","ISS_FW_UPDATE","MAC_107B44","MAC_646E69","NCS_BITLOCKER","ONC_AGENT","ONC_ARCH_X64","ONC_AUTOLEARNED","ONC_WIN_AGENT","RDI_WINDOWS_10_1809","ROS_WINDOWS","VOS_WINDOWS_10_HOME","WCS_IMDEA_SOFTWARE_GUESTS","WSA_DIRECT-DFDESKTOP-LAURENTMSEV","WSA_EDUROAM","WSA_EIT-DIGITAL_GUESTS","WSA_IMDEA_SOFTWARE_2.4","WSA_IMDEA_SOFTWARE_GUESTS","WSA_OPENNAC-CORP"]}
9.3.1.7. opennac-api.log
This log contains information related to the requests made against the API. For example, policy evaluations, object creation, etc. Everything that is done in the application is done through the API.
Path:
/var/log/opennac/opennac-api.log
Example:
Mar 3 10:09:54 LAB0oncore opennac-api[24060]: 2020-03-03 10:09:54 INFO: [9373] {"action":"Login user","result":"user logged","input":{"username":"admin"},"method":"AuthController::postAction"}
Mar 3 11:19:14 LAB0oncore opennac-api[24058]: 2020-03-03 11:19:14 ERR: [f1f6] {"action":"error","reason":"Event [MACDISCOVER] ip [10.10.36.176] not defined in our NETWORKS range, add a new NETWORK GW if ip is valid","method":"Application_Model_Onnac::validEval"}
9.3.1.8. opennac-api-doc.log
OpenNAC Enterprise provides a web interface that contains detailed documentation related to its REST API. This interface is mostly used by a client to automate tasks and it can be found at “<opennac_ip>/api-doc”. This log contains detailed information related to the API calls done.
Path:
/var/log/opennac/opennac-api-doc.log
Example:
Mar 10 09:14:47 LAB0oncore opennac-api-doc[14796]: apiCallfromAdmonportal call=POST http://localhost/api/auth
Mar 10 09:14:47 LAB0oncore opennac-api-doc[14796]: {"username":"admin","password":"*******","useOnlyLocalRepo":true}
Mar 10 09:14:47 LAB0oncore opennac-api-doc[14796]: Setting session language to 'en'
9.3.1.9. opennac-audit.log
This log contains information related to the changes/actions performed by a user through the OpenNAC Enterprise’s Administration Portal.
Path:
/var/log/opennac/opennac-audit.log
Example:
Feb 14 10:57:39 LAB0oncore opennac-audit[20244]: USER=admin;USER_IP=127.0.0.1;OPERATION=UPDATE;TABLE=DEVICEUSER;ITEMID=6787327386510692356;ITEM={"MACADDRESS":"00:0E:C6:C0:AE:2E","IP":"","MACAUTH":"0","OWNER":"user1","VENDOR":"","MODEL":"","VERSION":"","DEVICE_TYPE":"","LAST_SEEN":"0000-00-00 00:00:00","COMMENT":"MAC autolearned by net device [10.240.5.10] port [50001] from policy rule [] 20200129 12:36:44","MODIFIED":"2020-02-14 10:57:39","MODIFIED_BY":"admin"}
Feb 14 10:57:39 LAB0oncore opennac-audit[20244]: USER=admin;USER_IP=127.0.0.1;OPERATION=FINISH_TRANSACTION
9.3.1.10. opennac-backup.log
This log contains information related to the results obtained when generating backups from OpenNAC Enterprise.
Path:
/var/log/opennac/opennac-backup.log
Example:
20200301_232601 - Exporting database (/var/log/opennac/backup/opennac-db-backup-v1.2.4-0.9479.el6.noarch-20200301_232601.sql)...
20200301_232601 - Packing all files (/backup/opennac-LAB0oncore-
20200301_232601 - Checking tar file (/backup/opennac-LAB0oncore-
20200301_232601 - Removing old backup file (/backup/opennac-LAB0oncore-
9.3.1.11. opennac-captive.log
This log contains information related to the Captive Portal.
Path:
/var/log/opennac/opennac-captive.log
Example:
Mar 10 09:42:01 onLAB opennac-captive[10570]: Common_Model_RestClient call to GET http://localhost:80/api/status successful
Mar 10 09:43:01 onLAB opennac-captive[14797]: REST call: http://localhost/api/status
9.3.1.12. opennac-captive-analytics.log
This log contains information related to the Captive Portal that will be then fed to the ON Analytics. This information could be a user access and the method used (such as WebAuth_Guest_Email) within the Captive Portal.
Path:
/var/log/opennac/opennac-captive-analytics.log
Example:
2020-03-01T11:16:15.774447+01:00 oncore01trunk opennac-captive-analytics[29456]: {"userId":"babyashnash@gmail.com","macaddress":"","captiveServer":"127.0.0.1","workflowName":"WebAuth_Guest_Email","authentication":"email","authenticationError":"","fallbackUsed":false,"primaryAuth":"","primaryAuthError":"","inputParams":"{\"cmd\":\"login\",\"mac\":\"20:32:6c:38:7d:85\",\"essid\":\"openNAC-Guest\",\"ip\":\"10.251.2.300\",\"apname\":\"70:3a:0e:c6:fd:d4\",\"vcname\":\"madrid-C6:FD:D4\",\"switchip\":\"opencloudfactory.net\",\"url\":\"http:\\\/\\\/connectivitycheck.gstatic.com\\\/generate_204\",\"serverIp\":\"poc002.opencloudfactory.com\\\/captive-portal\"}","status":"timeout","initExecutionTimestamp":"1582916370","executionTimeSeconds":300}
9.3.1.13. opennac-cron.log
This log contains all the information related to unhandled errors that may arise at the moment in which a cron (task to be executed) is searched for.
Path:
/var/log/opennac/opennac-cron.log
Example:
PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]
9.3.1.14. opennac-ddbb.log
This log contains information related to the tasks/actions that the OpenNAC Enterprise application performs with the database. This are actions such as SELECTs, INSERTs, DELETEs, etc.
Path:
/var/log/opennac/opennac-ddbb.log
Example:
Mar 10 11:00:23 LAB0oncore opennac-ddbb[23156]: {"action":"Update","result":1,"statement":"UPDATE `DEVICEUSER` SET `MACADDRESS` = ?, `IP` = ?, `OWNER` = ?, `VENDOR` = ?, `MODEL` = ?, `VERSION` = ?, `DEVICE_TYPE` = ?, `LAST_SEEN` = ?, `COMMENT` = ?, `MODIFIED` = ?, `MODIFIED_BY` = ? WHERE (ID = '6785076599369764877')","executionTime":0.00040102005004883,"method":"Common_Model_AbstractDbMapper::update"}
9.3.1.15. opennac-health.log
This log is being written as part of the healthcheck process to verify that the syslog functionality is working correctly.
Path:
/var/log/opennac/opennac-health.log
Example:
Mar 11 09:43:04 LAB0oncore opennac-health[30083]: nac health status check
9.3.1.16. healthcheck.log
This log contains information related to the errors that might occur when the healthcheck is being executed.
Path:
/var/log/opennac/healthcheck.log
Example:
WINBIND [28/08/2022 12:04:15]: Error: The service could not be checked. Healthcheck timed out
AD_DOMAIN_MEMBER [28/08/2022 12:06:16]: Error: The service could not be checked. Healthcheck timed out
9.3.1.17. opennac-job.log
This log contains all the information related to OpenNAC Enterprise’s workers. By default, there are 40 workers executing tasks. Within their tasks, the workers will execute programs such as, and not limited to, nmap used in the Discover plugin. These programs will have log files that are configured to forward the information to this log.
OpenNAC Enterprise has a debugging mode in which more information is stored in the logs. This is quite useful for troubleshooting, as detailed information of each worker’s tasks will be found in this log. To enable the debugging, open the following file “/usr/share/opennac/api/application/configs/api.ini” and change the value in the line resources.log.syslog.filterParams.priority = 7 from 6 to 7. Be aware that this log will store much more information than before and, thus, after debugging, it is recommended to switch back to the previous configuration.
Path:
/var/log/opennac/opennac-job.log
Example:
Mar 9 10:20:08 LAB0oncore opennac-job[25169]: 2020-03-09 10:20:08 DEBUG: [25152] [25169] Worker netconf [10:20:08 20200309] trackid [6802135569255108629] //23/ Done in 5.2997028827667s
Mar 9 11:24:30 LAB0oncore opennac-job[25174]: 2020-03-09 11:24:30 DEBUG: [25152] discover::snmpSysObjId: SNMP community used [public]
Mar 9 11:24:38 LAB0oncore opennac-job[25174]: 2020-03-09 11:24:38 DEBUG: [25152] discover::onAuth: Result onAuthPlugin [false]
9.3.1.18. opennac-macport.log
This log contains information related to the MACs found in each switch port. This information is then fed to the ON Analytics.
The log format are the following: Switch’s IP, all the MACs connected, and the quantity of MACs connected.
Path:
/var/log/opennac/opennac-macport.log
Example:
2020-03-10T08:31:37.108791+01:00 LAB0oncore opennac-macport[17236]: {"netdevport":"50001","netdev":"10.10.36.23","qty":17}
9.3.1.19. opennac-nd-analytics.log
This log contains information related to the network devices. This information is stored as JSON and it is then fed to the ON Analytics.
Path:
/var/log/opennac/opennac-nd-analytics.log
Example:
2020-02-12T10:00:22.537092+01:00 LAB0oncore opennac-network-device[23695]: {"id":"6787315696054308870","ip":"10.240.5.10","ipmanagement":"0.0.0.0","description":"","hostname":"","serialNumber":"","idtiphi":"","version":"","macaddress":"","snmpVersion":0,"snmpro":"","snmprw":"","snmp3SecurityName":"","snmp3SecurityLevel":"","snmp3AuthProtocol":"","snmp3AuthPassPhrase":"","snmp3PrivacyProtocol":"","snmp3PrivacyPassPhrase":"","coaPwd":"","coaPort":"","disconnType":"","purchaseDate":null,"purchaseOrder":"","warranty":null,"maintenance":null,"eol":null,"conntype":"ssh","telnetuser":"opennac","telnetpass":"********","privilege":"********","location":"","bkpconntype":"","bkpuser":"","bkppass":"","bkpip":"0.0.0.0","bkppath":"","bkpfilename":"","bkpprivilege":"","brand":"Cisco","model":"Generic","brandmodel":"Cisco\/Generic","cmdbcustom":[],"macVendor":"","checkCompliance":false,"complianceStatus":"0","complianceLists":[],"complianceListNames":[],"numComplianceGroupsPassed":0,"numComplianceGroupsFailed":0,"numComplianceTestsPassed":0,"numComplianceTestsFailed":0,"numComplianceRulesPassed":0,"numComplianceRulesFailed":0,"tagsDescription":{"ONC_AUTOLEARNED":"Device autolearned"},"type":"100","enabled":true,"touchedTags":[],"addedTags":[],"removedTags":[],"created":"2020-01-29T11:51:22+01:00","createdBy":"admin","modified":"2020-02-12T10:00:22+01:00","modifiedBy":"admin","tags_on":["ONC_AUTOLEARNED"]}
9.3.1.20. opennac-netdev-compliance.log
This log contains the information used to create the network device compliance dashboards. This is stored as JSON. This log is fed to the ON Analytics.
Path:
/var/log/opennac/opennac-netdev-compliance.log
Example:
2020-02-12T12:12:22.303029+01:00 LAB0oncore opennac-netdev-compliance[1175]: {"deviceId":"6787315696054308870","deviceIp":"10.240.5.10","deviceIpManagement":"0.0.0.0","deviceBrand":"Cisco","deviceModel":"Generic","deviceHostname":"2960-8p","deviceLocation":"","deviceVersion":"15.0(2)SE11","deviceMacaddress":"1C:E6:C7:C3:7C:00","deviceSerialNumber":"FOC1644W06G","devicePurchaseDate":"","devicePurchaseOrder":"","deviceWarranty":"","deviceMaintenance":"","deviceEol":"","deviceTags":"ONC_AUTOLEARNED","complianceTestGroupId":"6790315131269025803","complianceTestGroup":"IOS_LAN_PORTS","complianceTest":["IOS_LAN_PORTS"],"complianceRule":["IOS_LAN_PORT_STATUS_DETAIL","IOS_LAN_PORT_STATUS_GLOBAL"],"complianceStatus":100,"complianceResultTag":"CGP_IOS_LAN_PORTS"}
9.3.1.21. opennac-poleval-audit.log
This log contains the information related to the audit of the policy evaluation execution.
There is something interesting about this log called Fake Evals. After adding/removing a tag from a device, a fake policy evaluation is performed to evaluate whether that device, with these changes, should switch its VLAN or not, or whether it matches another policy or not. If the answer is positive, if it matches another category and it has to change the VLAN, a true policy evaluation is forced. A toggle port request is placed, and the rule is re-evaluated so that the device matches the appropriate policy.
Path:
/var/log/opennac/opennac-poleval-audit.log
Example:
Mar 10 10:11:19 LAB0oncore opennac-poleval-audit[27806]: found matching policy source[VISIBILITY] policy[6787296414645882889] rule[1] vlan applied[0] vsa[] alert[]: 08:00:27:2B:CB:AC///
Mar 10 09:13:01 LAB0oncore opennac-poleval-audit[23583]: found matching policy source[VISIBILITY] policy[6787296414645882889] rule[1] vlan applied[0] vsa[] alert[]: 4C:80:93:71:C7:85/0.0.0.0// [fake eval]
9.3.1.22. opennac-poleval.log
This log contains the information related to the results of policy evaluations. This contains data such as the device’s MAC, the status of the evaluation and the time it took to be completed (0.055 + 0.1 is how long long it took OpenNAC Enterprise to evaluate the policy and reply to the switch).
Path:
/var/log/opennac/opennac-poleval.log
Example:
Mar 11 08:03:06 LAB0oncore opennac[29034]: Policy eval on [user,mac,netdev,netdevport,netdevportid,source,status] [,1C:E6:C7:C3:7C:40,0.0.0.0,,,PLUGIN,1] matches policy rule [id,num,name] [6787296414645882889,1,Visibility] vlan [0] vlanid[0] returned perfdata[0.055+0.1~0.099(0.077/0/0.013)]
9.3.1.23. opennac-queues.log
This log contains all the information related to OpenNAC Enterprise’s workers errors. Everything that the workers execute that is not redirected to another log, will appear in this log. For example, this could be nmap, netfonf, or netbackp execution errors.
Path:
/var/log/opennac/opennac-queues.log
Example:
[20200309102008] Exception detected job[NetConf] pid[25169]: ssh2_auth_password(): Authentication failed for opennac using password
9.3.1.24. ntlm_auth_exec_time.log
This log contains information related to the time it takes to process NTLM authorizations (time it takes since OpenNAC Enterprise sends the request and the authorization is given). The times recorded in this log may vary between different implementations. Typically, a value of 0.0X is considered normal behavior, but in some implementations, this value may be higher. Therefore, it is important to analyze what is considered normal for each specific implementation to draw accurate conclusions.
Path:
/var/log/opennac/ntlm_auth_exec_time.log
Example:
1.37
9.3.1.25. ntlm_auth_exec_time_exceeded.log
This log contains information related to the NTLM requests that took longer than a threshold to be processed. This threshold is defined in the “/usr/bin/opennac_auth” file on the line NTLM_EXCEED_MILISECONDS=1000. This log contains the date-time and the actual time that the authorization took to be processed. These times will be between the defined threshold and ten seconds. After this time the communication will timeout.
Path:
/var/log/opennac/ntlm_auth_exec_time_exceeded.log
Example:
2020/02/18_113610 3967
9.3.1.26. opennac-access.log
This log contains the apache information related to the API, such as the requests.
Path:
/var/log/httpd/opennac-access_log
Example:
127.0.0.1 - - [12/Mar/2020:12:39:34 +0100] "GET /api/metric/snmpmacchange_worker HTTP/1.1" 200 170 "-" "collectd/4.10.9" 108 355 18124
127.0.0.1 - - [12/Mar/2020:12:39:41 +0100] "GET /api/healthcheck?file=0 HTTP/1.1" 200 5723 "-" "Zend_Http_Client" 366 5909 41097
9.3.1.27. opennac-error.log
This log contains the apache error information related to the API.
Path:
/var/log/httpd/opennac-error_log
Example:
[Wed Jan 22 13:48:02 2020] [error] [client 127.0.0.1] PHP Warning: fsockopen(): unable to connect to 127.0.0.1:4730 (Connection refused) in /usr/share/opennac/api/library/Common/QueueAdmin.php on line 173
[Wed Jan 22 13:48:02 2020] [error] [client 127.0.0.1] PHP Warning: GearmanClient::doHighBackground(): send_packet(GEARMAN_COULD_NOT_CONNECT) Failed to send server-options packet -> libgearman/connection.cc:485 in /usr/share/opennac/api/library/Common/QueueAdmin.php on line 346
9.3.1.28. opennac-https-access.log
This log contains the apache information related to the admonportal and the Agent.
Path:
/var/log/httpd/opennac-https-access_log
Example:
10.20.250.134 - - [12/Mar/2020:12:43:49 +0100] "GET /admin/rest/healthcheck HTTP/1.1" 200 5769 "https://10.10.36.138/admin/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0" 1041 6312 152472
127.0.0.1 - - [12/Mar/2020:12:44:03 +0100] "GET /admin/auth/login HTTP/1.1" 200 150924 "-" "check_http/v2.3.1 (nagios-plugins 2.3.1)" 535 153059 99513
10.20.250.134 - - [12/Mar/2020:12:44:20 +0100] "GET /admin/rest/healthcheck HTTP/1.1" 200 5769 "https://10.10.36.138/admin/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0" 1041 6312 199611
9.3.1.29. opennac-https-error.log
This log contains the apache error information related to the admonportal and the Agent.
Path:
/var/log/httpd/opennac-https-error_log
Example:
[Sun Mar 08 03:21:02 2020] [warn] RSA server certificate CommonName (CN) `opennac.test' does NOT match server name!?
9.3.1.30. messages.log
This log contains global system messages such as the system error messages, system startups and shutdowns, change in the network configuration, etc.
Path:
/var/log/messages
Example:
Mar 8 06:26:01 LAB0oncore auditd[1432]: Audit daemon rotating log files
Mar 8 06:40:09 LAB0oncore named[1531]: managed-keys-zone ./IN/registry: Failed to create fetch for DNSKEY update
9.3.1.31. redis.log
This log contains the information related to the redis application.
Path:
/var/log/redis/redis.log
Example:
1550:M 23 Jan 11:59:11.686 * The server is now ready to accept connections on port 6379
1550:M 23 Jan 11:59:11.943 * Slave 172.16.0.10:6379 asks for synchronization
1550:M 23 Jan 11:59:11.944 * Full resync requested by slave 172.16.0.10:6379
1550:M 23 Jan 11:59:11.944 * Delay next BGSAVE for diskless SYNC
1547:M 23 Jan 09:13:28.299 * Background RDB transfer terminated with success
9.3.1.32. filebeat
This log contains all the events related to the data being sent to the analytics.
Path:
/var/log/filebeat/filebeat
Example:
2020-03-11T09:44:27.614+0100 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":996140,"time":{"ms":55}},"total":{"ticks":1655490,"time":{"ms":95},"value":1655490},"user":{"ticks":659350,"time":{"ms":40}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"24a64d6e-f815-4888-820b-06debb9a08d2","uptime":{"ms":506190027}},"memstats":{"gc_next":6944400,"memory_alloc":5240680,"memory_total":36216094832},"runtime":{"goroutines":35}},"filebeat":{"events":{"added":3,"done":3},"harvester":{"open_files":2,"running":2}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":3,"batches":2,"total":3},"read":{"bytes":12},"write":{"bytes":1261}},"pipeline":{"clients":2,"events":{"active":0,"published":3,"total":3},"queue":{"acked":3}}},"registrar":{"states":{"current":6,"update":3},"writes":{"success":2,"total":2}},"system":{"load":{"1":0.11,"15":0.17,"5":0.14,"norm":{"1":0.0275,"15":0.0425,"5":0.035}}}}}}