Extracting ZFSSA log files

Reviewing log file entries on a ZFS storage appliance is a simple task via CLI or BUI. You simply scroll though in 100 entry increments at a time.

This is all well and good if what you are looking for is a recent event. What happens if you are looking for something from a week ago.

Take for example the logs on my test ZFS storage appliance

zfssa1:> maintenance logs show
Logs:

LOG          ENTRIES    LAST
alert        12053      2016-1-26 14:37:11
audit        327680     2016-1-26 14:40:10
fltlog       3          2015-8-5  16:35:13
scrk         116        2016-1-26 09:38:15
system       44759      2016-1-26 09:38:14

I have a number of logs and some with a rather large number of entries.

If I want to review a laert from last week, this could be entry 10, entry 50 or even entry 2050. Until you reach the entry you don't know where it is, there is no search facility.

For arguments sake, lets say the entry is 2000 in the alert log, I would need to select the alert log, and then scroll each 100 entries using the next keyword some 20 times, each time with 100 entries being scrolled at a time. This can be (a) time consuming, or more imprtantly (b) miss what I was looking for.

All is not lost, simple collect the log file (or all logfiles) from the ZFS Storage Appliance in one go, and use your trusty text manipulation tools to search for what you want... Here are the steps necessary from both BUI and CUI to achieve this goal.

Collecting logs via BUI

  1. Login to appliance [ https://(appliance.ip.address):215 ]
  2. Enter your username (typically root) and the associated password,
  3. Select Maintenance,
  4. Under context 'Maintenance' select Logs,
  5. Under context 'Logs', click the Collect button,
  6. From the dialog displayed, select the log of interest and click Apply,
  7. After a short period, a download will start with the desired logs,
  8. You can now use your favourite text editor to search for the entries in question.

Collecting logs via CLI

ssh onto your ZFS storage appliance and execute the following:

maintenance log select log-name collect

For example, lets collect the alert log:

ssh myuser@zfssa1
Last login: xxxxxxxxxxxxxx on console 
zfssa1:> maintenance logs select alert collect

At this point you get pages and pages of scrolling information. Not ideal. A better way would be to extract the log via a ZFS script and redirect the output to a file you can later manipulate.

Collecting logs via CLI script

From command, by far the best option would be to use a ZFS script to extract the desired log and redirect the output to a file so that you can extract at leisure.

Firstly, create a simple script, for example:

script
   run('maintenance logs select alert collect');
.

Save the script, for example named: get-alert-logs.aksh

Then pass this script to the ZFS Storage Appliance, for example:

ssh -T myuser@zfssa1 < get-alert-logs.aksh > alerts.log

The entire log is redirected to the file alerts.log ... You can then browse the logs with ease...