Extracting ZFSSA log files
Reviewing log file entries on a ZFS storage appliance is a simple task via CLI or BUI. You simply scroll though in 100 entry increments at a time.
This is all well and good if what you are looking for is a recent event. What happens if you are looking for something from a week ago.
Take for example the logs on my test ZFS storage appliance
zfssa1:> maintenance logs show Logs: LOG ENTRIES LAST alert 12053 2016-1-26 14:37:11 audit 327680 2016-1-26 14:40:10 fltlog 3 2015-8-5 16:35:13 scrk 116 2016-1-26 09:38:15 system 44759 2016-1-26 09:38:14
I have a number of logs and some with a rather large number of entries.
If I want to review a laert from last week, this could be entry 10, entry 50 or even entry 2050. Until you reach the entry you don't know where it is, there is no search facility.
For arguments sake, lets say the entry is 2000 in the alert log, I would need to select the
alert log, and then scroll each 100 entries using the
next keyword some 20 times, each time with 100 entries being scrolled at a time. This can be (a) time consuming, or more imprtantly (b) miss what I was looking for.
All is not lost, simple collect the log file (or all logfiles) from the ZFS Storage Appliance in one go, and use your trusty text manipulation tools to search for what you want... Here are the steps necessary from both BUI and CUI to achieve this goal.
Collecting logs via BUI
- Login to appliance [ https://(appliance.ip.address):215 ]
- Enter your
username(typically root) and the associated
- Under context 'Maintenance' select
- Under context 'Logs', click the
- From the dialog displayed, select the log of interest and click
- After a short period, a download will start with the desired logs,
- You can now use your favourite text editor to search for the entries in question.
Collecting logs via CLI
ssh onto your ZFS storage appliance and execute the following:
maintenance log select log-name collect
For example, lets collect the alert log:
ssh myuser@zfssa1 Last login: xxxxxxxxxxxxxx on console zfssa1:> maintenance logs select alert collect
At this point you get pages and pages of scrolling information. Not ideal. A better way would be to extract the log via a ZFS script and redirect the output to a file you can later manipulate.
Collecting logs via CLI script
From command, by far the best option would be to use a ZFS script to extract the desired log and redirect the output to a file so that you can extract at leisure.
Firstly, create a simple script, for example:
script run('maintenance logs select alert collect'); .
Save the script, for example named: get-alert-logs.aksh
Then pass this script to the ZFS Storage Appliance, for example:
ssh -T myuser@zfssa1 < get-alert-logs.aksh > alerts.log
The entire log is redirected to the file alerts.log ... You can then browse the logs with ease...