Gateway Logging

By Rumena Zlatkova (Deactivated)
6 min

The /etc/caringo/cloudgateway/logging.yaml file is a standard log4j2 configuration file installed with a Content Gateway server.

Upgrading from Content Gateway 5.x

The configuration file for logging has been changed from logging.cfg to logging.yaml. The logging.cfg is no longer used.

Back Up the Existing Configuration

Save copies of any prior configuration files when making changes using the copy command. Also, check for files like logging.yaml.rpmnew to be sure you are using the latest configuration we ship; yum does not replace modified configuration files.

cp /etc/caringo/cloudgateway/logging.yaml{,.bak}

  • On the Content Gateway server:

    • /etc/caringo/cloudgateway/logging.yaml

Upgrading logging.yaml to a Newer Version

Upgrading after customizing /etc/caringo/cloudgateway/logging.yaml does not replace the file with changes in the new release. Instead the new version is written to logging.yaml.rpmnew. It is important to keep up to date with changes. Otherwise, for example, upgrading to v8.2 will result in cloudgateway_server.log entries like this appearing for each request.

2025-03-01 09:14:31,192 INFO [qtp1982703147-2278|DAC2D7970025BD6D] GatewayServletRequest: {"tim":"2025-03-01T10:14:31.194","rid":"DAC2D7970025BD6D","typ":"PutObject","dur":"490","sub":[{"typ":"quotaCheck","dur":"0"},{"typ":"POST","dur":"490"},{"typ":"lcWrite","dur":"0"}]}

Update logging.yaml by determining your current customizations with diff -u logging.yaml logging.yaml.rpmnew, then backup and replace logging.yaml with logging.yaml.rpmnew. Reapply your customizations, which should be only uncommenting the syslog lines and setting the syslog host to your SCS.

System Logging

The Content Gateway server’s system logs record operational details about the execution of the Content Gateway and assist administrators and DataCore Support to monitor and troubleshoot issues.

Log Levels

Editing the logLevel property in the logging.yaml file changes the logging level in /var/log/caringo/cloudgateway_server.log (not the cloudgateway_audit.log file). There is no need to restart for the new level to take effect because the file is checked for changes every few seconds. The logLevel property is located at the top of the logging.yaml file for easy access as of Content Gateway v7.1.

These are the levels available:

  • trace

  • debug

  • info (default)

  • warn

  • error

Info

To diagnose authentication and authorization issues (e.g., S3 signature errors) in Gateway 8.0.0 and later, set the Root logLevel to debug. Additionally, update the com.caringo.gateway.auth level at the end of logging.yaml from info to debug:

## Extra volume knobs, as these can be quite noisy. - name: com.caringo.gateway.auth level: debug # default is info

Rolling Files

The extract from the logging.yaml file shows logging directly to the Content Gateway server's file system, rolling log files when they reach 100 MB in size, and keeping 10 generations of rolled log files:

RollingFile: # A file appender - name: file fileName: ${logpath}/cloudgateway_server.log filePattern: ${logpath}/cloudgateway_server.log.%i # filePattern: "${logpath}/cloudgateway_server.%i.log.gz" PatternLayout: pattern: ${logPattern} Policies: SizeBasedTriggeringPolicy: size: 100 MB DefaultRollOverStrategy: max: 10 ...

Timestamps in Filenames

The field %d{ISO8601} in the conversion pattern tells Content Gateway to provide its own timestamp value.

pattern="%d{ISO8601}{GMT} %p [%X{requestId}] %msg%n"

Audit Logging

The audit logging data feed records client requests to the storage system in a well-defined format that is suitable for automatic processing by billing and compliance applications. The definition of this format is documented in Gateway Audit Logging.

The audit logging is configured within the logging.yaml file, along with the system logging configuration. The audit log looks for the name: audit to separate messages from system messages. This must not be modified 

The extract from the logging.yaml file shows audit logging directly to the Content Gateway server's file system, rolling log files when they reach 100 MB in size, and keeping 10 generations of rolled log files:

RollingFile: ... # Audit log appender - DO NOT MODIFY!!! - name: audit fileName: ${logpath}/cloudgateway_audit.log filePattern: ${logpath}/cloudgateway_audit.log.%i # filePattern: ${logpath}/cloudgateway_audit.%i.log.gz PatternLayout: pattern: "%d{ISO8601}{GMT} %p [%X{requestId}] %msg%n" Policies: SizeBasedTriggeringPolicy: size: 100 MB DefaultRollOverStrategy: max: 10

Syslog Setup for SCS

By default, the Content Gateway server’s audit and server log messages are sent to a file local to each Content Gateway server, but they should also be sent to a centralized syslog server, such as the SCS server.

Perform the following modifications to send logs to a syslog server:

Enable Syslog

Perform the following modifications on each Content Gateway server’s /etc/caringo/cloudgateway/logging.yaml.

  1. Set the “host” in both places (under audit_syslog and server_syslog) to the private side IP address of the SCS. This IP address needs to be on the same subnet as the storage nodes.

  2. Uncomment the lines “ref: audit_syslog” and “ref: server_syslog”.

Verify the Syslog Entries

Check the places where it defines the syslog in logging.yaml.

  1. Configure the IP addresses seen below with the private side IP address of the SCS. If unclear, type ip a on the SCS and look for the IP address that matches the same subnet as the storage nodes.

    Syslog: - name: gateway host: 192.168.203.5 ... - name: gateway_audit host: 192.168.203.5 ... Loggers: # Global logging configuration Root: level: "${logLevel}" AppenderRef: - ref: file - ref: server_syslog Logger: # Audit logger - name: audit level: info additivity: false AppenderRef: - ref: audit - ref: audit_syslog ...

  2. Nothing needs to be restarted or the logging changes to take effect.

  3. Check in /var/log/datacore/ on the SCS server for entries in the Content Gateway server and audit logs.

Syslog Setup on Legacy CSN

The SCS, at least in recent versions, already includes the /etc/rsyslog.conf and /etc/logrotate.d/ configurations to accept Content Gateway audits and server logs. The legacy CSN does not have that by default. These instructions can also be used if using a custom syslog server. Always backup configuration files before modifying them.

Configure Syslog

Configure the Syslog server with the location to write these log files.

  1. Navigate to the CSN's /etc/rsyslog.conf and add these two lines in the local* section at the bottom of the file:

    local4.* /var/log/caringo/cloudgateway_audit.log local5.* /var/log/caringo/cloudgateway_server.log

  2. Add the following line above /var/log/messages in the /etc/rsyslog.conf file to avoid duplicating incoming messages from Gateway and Elasticsearch logs to the /var/log/messages file.

    local0,local1,local2,local3,local4,local5,local6.* stop

    The result resembles:

    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imklog # provides kernel logging support (previously done by rklogd) $template CaringoFormat,"%fromhost-ip% %rawmsg%\n" $ActionFileDefaultTemplate CaringoFormat $IncludeConfig /etc/rsyslog.d/*.conf $IncludeConfig /etc/caringo/syslog-alerter/syslog-alerter-rsyslog.conf local0,local1,local2,local3,local4,local5,local6.* stop *.info;mail.none;authpriv.none;cron.none;local0.none;local3.none;local4.none;local5.none;local6.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg * uucp,news.crit /var/log/spooler local7.* /var/log/boot.log $ModLoad imudp.so $SystemLogRateLimitInterval 0 local3.* /var/log/caringo/scspproxy.log local6.* /var/log/caringo/castor.log local0.* /var/log/caringo/csn.log local4.* /var/log/caringo/cloudgateway_audit.log local5.* /var/log/caringo/cloudgateway_server.log $UDPServerRun 514

  3. Save the file and restart rsyslog: service rsyslog restart.

Enable Rotation

Create these two rotation files and add them to /etc/logrotate.d/. Be sure logrotate is run hourly (/etc/cron.hourly/logrotate), not daily.

caringo-content-gateway-server

# Content Gateway Server logrotate.d file # /var/log/caringo/cloudgateway_server.log { weekly rotate 30 size 512M compress missingok copytruncate dateformat -%Y-%m-%d-%s.log }

caringo-content-gateway-audit

# Content Gateway Audit logrotate.d file # /var/log/caringo/cloudgateway_audit.log { weekly rotate 30 size 512M compress missingok copytruncate dateformat -%Y-%m-%d-%s.log }

Update Existing Log Rotation

caringo-castor

Also, ensure that you have a dateformat line in /etc/logrotate.d/caringo-castor as in the above files. The default log file format when compressed will only allow you to logrotate once per day, so quickly rolling logs won’t rotate hourly as expected/ desired. You may also update the rotate line so that the CSN keeps more than 8 files- a good number might be 30 (as shown below) presuming there is enough space in /var/log. The resulting /etc/logrotate.d/caringo-castor file should look like this:

# # CAStor logrotate.d file # # /var/log/caringo/castor.log { weekly rotate 30 size 512M compress missingok copytruncate dateformat -%Y-%m-%d-%s.log }

Enable Syslog

Perform the following modifications on each Content Gateway server’s /etc/caringo/cloudgateway/logging.yaml.

  1. Set the “host” in both places (under audit_syslog and server_syslog) to the private side IP address- the bond0 interface- of the CSN. The bond0 interface should end in .5. This IP address needs to be on the same subnet as the storage nodes.

  2. Uncomment the lines “ref: audit_syslog” and “ref: server_syslog”.

Verify the Syslog Entries

Check the places where it defines the syslog in logging.yaml.

  1. Configure the IP addresses seen below with the bond0 IP address of the CSN. If unclear, type ifconfig bond0 on the CSN.

    Syslog: - name: gateway host: 192.168.203.5 ... - name: gateway_audit host: 192.168.203.5 ... Loggers: # Global logging configuration Root: level: "${logLevel}" AppenderRef: - ref: file - ref: server_syslog Logger: # Audit logger - name: audit level: info additivity: false AppenderRef: - ref: audit - ref: audit_syslog ...

  2. Nothing needs to be restarted or the logging changes to take effect.

  3. Check in /var/log/caringo/ on the CSN for entries for the Content Gateway server and audit logs.

Troubleshooting

Diagnosing configuration problems for logging can be challenging. Check /var/log/messages for errors from "startgateway" if the expected log files are not present.

 

Related content

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.