External Log Viewer

Overview

The External Log Viewer is provided on the version 4 appliance because customers were finding that the built-in log viewer too inefficient for heavy use.

This log viewer stores the data in a database format, which is much more efficient for searching. It automatically updates the database as text log files are created. For technical reasons, it was not possible to modify the core code to store the logs directly into the database, hence this separate application.

One caveat: the external log viewer only records completed log files: the core application writes logs to a working file until that file reaches a certain size, at which point the working file is renamed, and a new one is started. For this reason, the stand-alone log viewer will not show the very latest logs. Smaller installations can alleviate this problem by reducing the size of the individual log files.

Using the External Log Viewer

In order to use the log viewer, you must log in. Enter the following URL in a browser:

https://<swivel_server>:8080/logviewer

Here, <swivel_server> is the IP address or host name of the Swivel server.

Configuring the External Log Viewer

The log viewer as installed is ready to go. However, you may find that you need to alter certain settings if you make changes to the core configuration. The settings for the log viewer can be found on the appliance under

/home/swivel/.swivel/logviewer/swivel.properties

The following is the default configuration:

# Swivel client settings
ssl=false
server=localhost
port=8181
context=sentry
secret=secret
self-signed=true
logfolder=/home/swivel/.swivel/logs
serverid=1
admingroups=SwivelAdmin
helpdeskgroups=SwivelHelpDesk
numberofdaystodeletelogs=60
  • serverid - this is an identifier for the Swivel server. In a HA environment, if the database is shared between servers, you will need to change this value so that each server can be identified. The log viewer writes database records using this identifier, and only retrieves records that match that identifier.
  • admingroups - a comma-separated list of Swivel groups that should be treated as administrators. If you add groups apart from the default SwivelAdmin group, you will need to update this.
  • helpdeskgroups - similar to admingroups, but for Helpdesk users.
  • numberofdaystodeletelogs - specifies how long log records should be kept in the database. You may wish to extend the default value of 60 days.

About compacted log files

The compacted log files has the following structure: log_archive_ date_creation (yyyymmdd) .zip

On 4.2 Version

On the /home/swivel/.swivel/logviewer/swivel.properties file, the folowing information need to be checked:

  • numberofdaystodeletelogs=60

If the compacted log files in the /home/swivel/.swivel/logs/ folder has a date_creation higher than the number of days to delete logs (configuration in /home/swivel/.swivel/logviewer/swivel.properties file), so the compacted log files will not be checked and also the register will be deleted in the database (if exist).

If you updated to the latest version and got problem with the Externel Log Viewer, see how to fix it:

1 - On the /home/swivel/.swivel/logs/ folder move all compacted log files to another folder, in this example I will create a new folder and copy all files to there:

mkdir log_bkp
mv * log_archive_* log_bkp/

Now in the /home/swivel/.swivel/logs/ folder we have the log_bkp/ folder with all compacted log files.

_images/logviewer1.png

2 - Access the database following the commands bellow:

mysql
use swivel_logs
delete * from files;
delete * from events;

In this moment all information of the External Log Viewer will be deleted.

_images/logviewer2.png

3 - In the /home/swivel/.swivel/logviewer/ folder, edit the swivel.properties file:

numberofdaystodeletelogs=60

This configuration will determinate how long log records should be kept in the database, so with numberofdaystodeletelogs=60 means that will read and keep in the database the information from the files that has a date_creation between 2 months.

Example in my case:

Today is 22/08/2022

The compacted files in /home/swivel/.swivel/logs/ folder are from month 02/2022 and 03/2022

_images/logviewer5.png

So I need to change the value of numberofdaystodeletelogs to more or less 210 days (7 months).

After change the file, reboot tomcat.

4 - Now we need to move all compacted log files in /home/swivel/.swivel/logs/log_bkp/ to /home/swivel/.swivel/logs/:

on the /home/swivel/.swivel/logs/log_bkp/ folder use the following command:

mv * ../

Now we have all compacted log files in the /home/swivel/.swivel/logs/ folder:

_images/logviewer3.png

5 - Check external logviewer to see the events:

_images/logviewer4.png