Logging
XML Logging
- ‘Level’: Minimum level of logging entries that will be stored in the XML log files. The levels, in order of increasing severity, are info, warning, error and fatal. Logging to XML files may be disabled entirely by selecting Off.
- ‘Max. single file size (KB)’: Maximum file size (KB) for each XML log file. When the log file currently in use reaches this size, a new log file is started.
- ‘Compress log files after # days’: Set this value to the number of days to keep log files before compressing them to zip files. Zipped log files will no longer be shown in the log viewer, but the zip files will remain on the server until the time specified below, to allow time for them to be archived. If this value is set to 0, log files will never be compressed. The default value for this is 7 days.
- ‘Delete log files after # days’: Set this value to the number of days to keep log files (compressed or uncompressed) before deleting them from the server. If this value is set to 0, log files are never deleted. If this value is set lower than the previous value, files are never compressed, but deleted directly. The default value for this is 180 days (i.e. approx. 6 months). When setting this and the previous value, consider the available disk space on the Swivel server. Also bear in mind that logs will fill up more quickly on busier servers.
- ‘Tidy log file schedule’: Specifies when the service that tidies up log files will be run. By default, it is run once a day. Files are tidied according to the settings above: files older than the specified times will be compressed or deleted. If you turn this option off (by setting the schedule to Never), log files will never be deleted.
- ‘Debug enabled’: This option is no longer used: there are no debug log events.
Output to Syslog
- ‘Level’: Minimum level of logging entries that will be sent to the external syslog server. The levels, in order of increasing severity, are info, warning, error and fatal. Logging to a syslog server may be disabled entirely by selecting Off.
- ‘Host’: Syslog host to send logging events to.
- ‘Facility’: Syslog facility under which logging events will be sent to the syslog host.
Output to Email (SMTP)
- ‘From email address’: Address from which logging event emails will appear to originate. The email will contain the events within the SMTP event buffer.
- ‘Email Trigger’: The event that will trigger the sending of an error email.
- ‘Logging Level’: The level of events to be contained in the SMTP event buffer.
- ‘Event Buffer Size’: The number of events to be stored in the SMTP event buffer.
- ‘Errors Email Address’: Email address to which error and fatal logging events should be sent.
- ‘Errors subject’: Subject line for error and fatal logging event emails.
- ‘Send account locks’: Enable/disable the sending of account locked events via email. When enabled emails will be sent to the configured address when a user account becomes locked.
- ‘Account locks email address’: Email address to which account locked events should be sent.
- ‘Account locks subject’: Subject line for account locked event emails.
- ‘Send User Account Create/Delete’: Enable/disable the sending of account creation/deletion events via email. When enabled emails will be sent to the configured address when a user account is created or deleted.
- ‘Account audit email address’: Email address to which account locked events should be sent.
- ‘Account create subject’: Subject line for account creation event emails.
- ‘Account create message body’: Message for account creation event emails.
- ‘Account delete subject’: Subject line for account deletion event emails.
- ‘Account delete message body’: Message for account deletion event emails.
- ‘Send User Authenticated’: It is possible to send an email to the user every time they authenticate.
- ‘Locale for authentication message’: In certain circumstances the locale may need to be specified to support non-standard characters.
- ‘Time offset for authentication message’: Specifies the time offset for the message, to allow for the fact that users may be in a different timezone to the Swivel server.
- ‘Authenticated message subject’: Subject line for authentication event emails.
- ‘Authenticated message body’: Message for authentication event emails.
Using the Log Viewer
The logs can be searched using the fields at the top of the page:
- Filter: Set the minimum level for displayed log records: ‘ALL’, ‘INFO’, ‘WARN’, ‘ERROR’ and ‘FATAL’.
- Search for: Enter text to search for. Note that only exact matches are found, and the search is case sensitive.
- Between … ‘and’: Set the start and end date and time to search for. Clicking on the ‘select date’ link below the date shows a calendar pop-up to select the date.
Additionally, you can specify how many records are shown on the page, and use the ‘Later’ and ‘Earlier’ links to show more records.
Finally, the (save) link will retrieve the current data as a text (XML) file.
Stand-Alone Log Viewer Application
The Stand-Alone Log Viewer is provided on the version 4 appliance because customers were finding the built-in log viewer too inefficient for heavy use.
This log viewer stores the data in a database format, which is much more efficient for searching. It automatically updates the database as text log files are created. For technical reasons, it was not possible to modify the core code to store the logs directly into the database, hence this separate application.
One caveat: the stand-alone log viewer only records completed log files: the core application writes logs to a working file until that file reaches a certain size, at which point the working file is renamed, and a new one is started. For this reason, the stand-alone log viewer will not show the very latest logs. Smaller installations can alleviate this problem by reducing the size of the individual log files.
Using the Stand-Alone Log Viewer
In order to use the log viewer, you must log in. Enter the following URL in a browser:
https://<swivel_server>:8080/logviewer
Here, <swivel_server> is the IP address or host name of the Swivel server.
It uses the core authentication, so any administrator or helpdesk user on the core database can log in.
You will then see the main viewer page.
The search facilities are similar to the built-in log viewer: you can search according to:
- Level: ‘ALL’, ‘INFO’, ‘WARN’, ‘ERROR’ and ‘FATAL’
- Start and End date and time
- Search text. Note that, unlike the built-in log viewer, the standalone viewer search is case-insensitive. Also, since it uses the built-in text search features of the database, it ignores certain common words such as ‘and’ and ‘the’.
Configuring the Stand-Alone Log Viewer
The log viewer as installed is ready to go. However, you may find that you need to alter certain settings if you make changes to the core configuration. The settings for the log viewer can be found on the appliance under
/usr/local/apache-tomcat/webapps/logviewer/WEB-INF/classes/swivel.properties
The following is the default configuration:
# Swivel client settings
ssl=false
server=localhost
port=8181
context=sentry
secret=secret
self-signed=true
logfolder=/home/swivel/.swivel/logs
serverid=1
dbtype=mysql
admingroups=SwivelAdmin
helpdeskgroups=SwivelHelpDesk
numberofdaystodeletelogs=60
Values you might need to change are:
- serverid - this is an identifier for the Swivel server. In a HA environment, if the database is shared between servers, you will need to change this value so that each server can be identified. The log viewer writes database records using this identifier, and only retrieves records that match that identifier.
- admingroups - a comma-separated list of Swivel groups that should be treated as administrators. If you add groups apart from the default ‘SwivelAdmin’ group, you will need to update this.
- helpdeskgroups - similar to admingroups, but for Helpdesk users.
- numberofdaystodeletelogs - specifies how long log records should be kept in the database. You may wish to extend the default value of 60 days.
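The retention settings on this page interact: XML files are compressed after 7 days and deleted after 180, while the stand-alone viewer keeps database records for 60. The following is an added example (not Swivel code) that models where a record from a completed log file of a given age can still be read. It assumes "older than" means strictly more than the configured number of days, that the tidy service is what performs both compression and deletion, and that database records expire independently of the XML files; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from itertools import groupby

@dataclass
class Retention:
    compress_after: int = 7    # 'Compress log files after # days'; 0 = never
    delete_after: int = 180    # 'Delete log files after # days'; 0 = never
    tidy_runs: bool = True     # False when 'Tidy log file schedule' is Never
    db_keep: int = 60          # numberofdaystodeletelogs in swivel.properties

def xml_file_state(age, r):
    """State of a completed XML log file that is `age` days old."""
    if not r.tidy_runs:
        return "plain"         # assumed: no tidy run, so nothing is zipped or deleted
    if r.delete_after and age > r.delete_after:
        return "deleted"       # checked first, so delete < compress never zips
    if r.compress_after and age > r.compress_after:
        return "zipped"
    return "plain"

def sources(age, r):
    """Places where a record of this age can still be read (assumed model)."""
    found = []
    state = xml_file_state(age, r)
    if state == "plain":
        found.append("built-in viewer")
    elif state == "zipped":
        found.append("zip on server")  # no longer shown in the built-in viewer
    if age <= r.db_keep:               # assumption: DB rows age out on their own
        found.append("stand-alone viewer")
    return tuple(found)

def timeline(r, horizon=365):
    """Collapse days 0..horizon into (first_day, last_day, sources) ranges."""
    out = []
    for src, days in groupby(range(horizon + 1), key=lambda d: sources(d, r)):
        days = list(days)
        out.append((days[0], days[-1], src))
    return out

if __name__ == "__main__":
    for first, last, src in timeline(Retention()):
        print(f"day {first:>3}-{last:<3} {', '.join(src) or 'not retrievable'}")
```

With the defaults, records between 61 and 180 days old exist only in zip files on the server, so an investigation reaching back that far needs those archives rather than either viewer.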