Sending flow messages from contrail-vrouter-agent to syslog

Registered by Megh Bhatt on 2016-05-25

contrail-vrouter-agent can be configured to send flow messages and other messages to syslog by setting the following parameters in /etc/contrail/contrail-vrouter-agent.conf:

Under the section DEFAULT:
log_flow=1 - This enables logging of all flow messages
use_syslog=1 - This enables sending of all messages including flow messages to syslog
syslog_facility=LOG_LOCAL0 - This will send messages from contrail-vrouter-agent to syslog using facility LOCAL0. The user can set this to the required facility
log_level=SYS_INFO - This will change the logging level of contrail-vrouter-agent to INFO

If syslog is enabled then flow messages will NOT be sent to Contrail Analytics. The destinations are mutually exclusive.

Flow log sampling settings apply the same regardless of the flow log destination specified. If sampling is enabled then syslog messages will be sampled using the same rules that would apply to Contrail Analytics. If non-sampled flow data is required then sampling must be disabled via configuration settings.

Flow events for termination will include both the appropriate teardown fields and the appropriate setup fields.

The flow messages will be sent to syslog using a severity of INFO.

The user can then configure rsyslog on the compute node to send syslog messages with facility LOCAL0 and severity INFO and below to a remote syslog server, while higher-severity messages can be logged to a local file to allow for debugging.

The flow messages will appear in syslog in a format similar to the following:

May 24 14:40:13 a7s10 contrail-vrouter-agent[29930]: 2016-05-24 Tue 14:40:13:921.098 PDT a7s10 [Thread 139724471654144, Pid 29930]: [SYS_INFO]: FlowLogDataObject: flowdata= [ [ [ flowuuid = 7ea8bf8f-b827-496e-b93e-7622a0c8eeea direction_ing = 1 sourcevn = default-domain:mock-gen-test:vn8 sourceip = 1.0.0.9 destvn = default-domain:mock-gen-test:vn58 destip = 1.0.0.59 protocol = 1 sport = -29520 dport = 20315 setup_time = 1464125225556930 bytes = 1035611592 packets = 2024830 diff_bytes = 27240 diff_packets = 40 ], ] ]

Note that several individual flow messages may be packed into a single syslog message for improved efficiency.
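A parser for the flow message format shown above, as an added example that is not part of the original blueprint or the Contrail code base. It assumes that packed flows appear as sibling "[ ... ]," groups inside flowdata, and that a negative sport or dport (such as -29520 in the sample) is a 16-bit port printed as a signed value; the second flow in the sample input is constructed.

```python
import re

MARKER = "FlowLogDataObject: flowdata="
INNER = re.compile(r"\[([^\[\]]*)\]")   # innermost [ ... ] group = one flow
PAIR = re.compile(r"(\w+) = (\S+)")     # "key = value" as in the page's sample
INT = re.compile(r"-?\d+")

# Constructed input: the page's sample (shortened) followed by a made-up
# second flow, to exercise several flows packed into one syslog message.
SAMPLE = (
    "May 24 14:40:13 a7s10 contrail-vrouter-agent[29930]: 2016-05-24 Tue "
    "14:40:13:921.098 PDT a7s10 [Thread 139724471654144, Pid 29930]: "
    "[SYS_INFO]: FlowLogDataObject: flowdata= [ [ [ "
    "flowuuid = 7ea8bf8f-b827-496e-b93e-7622a0c8eeea direction_ing = 1 "
    "sourcevn = default-domain:mock-gen-test:vn8 sourceip = 1.0.0.9 "
    "destvn = default-domain:mock-gen-test:vn58 destip = 1.0.0.59 "
    "protocol = 1 sport = -29520 dport = 20315 bytes = 1035611592 ], "
    "[ flowuuid = 00000000-0000-0000-0000-000000000001 direction_ing = 0 "
    "sourceip = 1.0.0.59 destip = 1.0.0.9 protocol = 6 sport = 443 "
    "dport = -1 setup_time = 1464125225556930 ], ] ]"
)

def parse_flow_message(line):
    """Return one dict per flow record in a syslog line ([] if not a flow log)."""
    _, found, payload = line.partition(MARKER)
    if not found:
        return []
    flows = []
    # Only text after the marker is scanned, so the "[Thread ...]" and
    # "[SYS_INFO]" groups in the message header are never treated as flows.
    for body in INNER.findall(payload):
        rec = {}
        for key, val in PAIR.findall(body):
            rec[key] = int(val) if INT.fullmatch(val) else val
        # Assumption: ports are 16-bit values printed as signed integers;
        # masking restores the 0..65535 range that detection rules expect.
        for port in ("sport", "dport"):
            if isinstance(rec.get(port), int):
                rec[port] &= 0xFFFF
        if rec:
            flows.append(rec)
    return flows

if __name__ == "__main__":
    for flow in parse_flow_message(SAMPLE):
        print(flow["flowuuid"], flow["sourceip"], flow["sport"],
              "->", flow["destip"], flow["dport"])
```
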

Blueprint information

Status: Complete
Approver: None
Priority: High
Drafter: Walter Barnes
Direction: Approved
Assignee: None
Definition: New
Series goal: Accepted for r3.1
Implementation: Implemented
Milestone target: r3.1.0.0-fcs
Started by: Raj Reddy on 2016-08-03
Completed by: Raj Reddy on 2016-08-03
