Viewing log files
Trisul has a rich logging and monitoring framework. This section explains
- log file locations
- utilities for viewing log files
- the ‘rat’ tool used for in depth monitoring of Trisul Probe pipelines
Log file locations
The three types of log files are
- domain logs – related to the domain processes that co-ordinate distributed nodes
- application logs – the actual trisul probe and hub logs
- web server logs – web apps
The locations of these files are:
On the Probe nodes
| type | what it is | default location | files |
|---|---|---|---|
| Application | main trisul probe process | /usr/local/var/log/trisul-probe/domain0/probe0/context0 (replace the domain, probe, and context with the actual fields if you have created your own contexts) | ns-.log – trisul probe logs; xLuaX.log – redirected print() statements from LUA script instances |
| Domain | domain processes that co-ordinate nodes | /usr/local/var/log/trisul-probe/domain0/probe0 (replace with probe ID; each probe has its own domain processes because they are independent entities even if on the same machine) | cp-XX.log – probe logs |
On the Hub nodes
| type | what it is | default location | files |
|---|---|---|---|
| Application | trisul-hub Flush process | /usr/local/var/log/trisul-hub/domain0/hub0/context0 (replace the domain, hub, and context with the actual values) | fs-.log – trisul_flushd database writer logs; qs_.log – trisul_trpd TRP database query logs |
| Domain | domain processes that co-ordinate nodes | /usr/local/var/log/trisul-hub/domain0/hub0 | cp-XX.log hub logs |
| Domain | domain processes that co-ordinate nodes | /usr/local/var/log/trisul-hub/domain0 | rt-XX.log domain router log |
On the database
| type | what it is | default location | files |
|---|---|---|---|
| Application | Web Trisul webserver log | /usr/local/var/log/trisul-hub/webtrisul | production.log – the main webserver log |
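
The layout in the tables above, written as a small shell helper that prints the log directory for a given log type and finds the newest matching file. This is an added example, not part of Trisul or trisbashrc; the function names, the TRISUL_LOG_ROOT variable, the kind keywords, the prefix*.log patterns and the restriction of names to letters, digits and underscore are assumptions made here.

```shell
# Added example, not Trisul code. Function names, TRISUL_LOG_ROOT, the KIND
# keywords and the prefix*.log patterns are assumptions made for this sketch.
TRISUL_LOG_ROOT="${TRISUL_LOG_ROOT:-/usr/local/var/log}"

# Reject empty names and anything outside [A-Za-z0-9_] (assumed naming rule),
# so a caller-supplied domain/node/context can never add "/" or ".." to a path.
_trisul_name_ok() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# trisul_log_dir KIND [DOMAIN] [NODE] [CONTEXT] -> prints the log directory
# KIND: ns | probe-cp (probe nodes), fs | qs | hub-cp | rt | ws (hub nodes)
trisul_log_dir() {
    local kind="$1" domain="${2:-domain0}" node="$3" context="${4:-context0}"
    case "$kind" in
        ns|probe-cp) node="${node:-probe0}" ;;
        *)           node="${node:-hub0}" ;;
    esac
    _trisul_name_ok "$domain" && _trisul_name_ok "$node" &&
        _trisul_name_ok "$context" || return 1
    case "$kind" in
        ns)       echo "$TRISUL_LOG_ROOT/trisul-probe/$domain/$node/$context" ;;
        probe-cp) echo "$TRISUL_LOG_ROOT/trisul-probe/$domain/$node" ;;
        fs|qs)    echo "$TRISUL_LOG_ROOT/trisul-hub/$domain/$node/$context" ;;
        hub-cp)   echo "$TRISUL_LOG_ROOT/trisul-hub/$domain/$node" ;;
        rt)       echo "$TRISUL_LOG_ROOT/trisul-hub/$domain" ;;
        ws)       echo "$TRISUL_LOG_ROOT/trisul-hub/webtrisul" ;;
        *)        return 1 ;;
    esac
}

# trisul_latest_log KIND [DOMAIN] [NODE] [CONTEXT] -> newest matching log file
trisul_latest_log() {
    local dir pattern newest
    dir=$(trisul_log_dir "$@") || return 1
    case "$1" in
        ns)              pattern='ns-*.log' ;;
        probe-cp|hub-cp) pattern='cp-*.log' ;;
        fs)              pattern='fs-*.log' ;;
        qs)              pattern='qs_*.log' ;;
        rt)              pattern='rt-*.log' ;;
        ws)              pattern='production.log' ;;
    esac
    # $pattern is left unquoted so the shell expands it inside the validated dir.
    newest=$(ls -t "$dir"/$pattern 2>/dev/null | head -n 1)
    [ -n "$newest" ] && printf '%s\n' "$newest"
}
```

For a non-default context, pass the names explicitly, for example trisul_latest_log ns domain0 probe1 context0.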
Local viewing
The most common scenario is to tail -f the Trisul Probe logs. You can use the aliases defined in trisbashrc to help with this.
- Use tailf.ns alias to tail probe logs
- Use cd.l to change directory to the log directory
# as root
source /usr/local/share/trisul-probe/trisbashrc
tailf.ns
Read about trisbashrc aliases
Similarly for the Hub Node
- Use tailf.fs to tail database flusher logs
- Use tailf.qs to tail database query logs
- Use cd.l to change directory to the log directory
- Use tailf.ws to tail webtrisul logs
- Use cd.wl to change directory to webtrisul log directory
Remote viewing
Using the trisulctl_ tools you can view log files on any node. This is a really powerful feature that even allows you to tail logs on any node. A common use case is to investigate errors on remote probes from a central hub location.
Say you are on the Hub node and want to view the ns log on probe1
trisulctl_hub
log default@probe1 log=ns
# Latest trisul log from probe1 context default
log default@probe1 log=ns tail
# Remote tail the log
Type help log for various example uses.
Rat – Trisul Internals Viewer
RAT is an advanced tool used to monitor internal mechanisms of Trisul Probe. It is mostly used by our developers and field engineers to optimize Trisul Probe for high performance uses.
To use it
rat <config-file> <filter-type>
where filter-type is rxring, pfring, afpacket, ffpcap, or lpcap, corresponding to the various input modes.
Example:
rat /usr/local/etc/trisul-probe/domain0/probe0/context0/trisulProbeConfig.xml afpacket
Once rat is up and running you can see the stats of each stage of the filters in the fast path of Trisul Stream Analytics. Press q to quit.