Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: Log system details to aid in support and debugging #5946

Closed
andrewkroh opened this issue Dec 22, 2017 · 2 comments · Fixed by #6775
Closed

Proposal: Log system details to aid in support and debugging #5946

andrewkroh opened this issue Dec 22, 2017 · 2 comments · Fixed by #6775
Labels
discuss Issue needs further discussion.

Comments

@andrewkroh
Copy link
Member

At startup we should log details about the system to aid in providing support. This information could help us resolve issues faster because there would be fewer back-and-forths. When logs are provided by the user there wouldn't be a need for questions like "how did you run it", "what OS", "what kind of hardware", "what user were you running as", "are you running in Docker", "what is the machine's local timezone", etc.

For example, at startup we could add a single log line with the system info. We've had similar logging limited to Metricbeat-Windows and it has proven useful when debugging permissions issues.

2017-12-22T01:27:46.710-0500	INFO	instance/beat.go:443	Home path: [/Users/akroh/go/src/github.com/elastic/beats/filebeat] Config path: [/Users/akroh/go/src/github.com/elastic/beats/filebeat] Data path: [/Users/akroh/go/src/github.com/elastic/beats/filebeat/data] Logs path: [/Users/akroh/go/src/github.com/elastic/beats/filebeat/logs]
2017-12-22T01:27:46.710-0500	INFO	instance/beat.go:450	Beat UUID: 06925eef-4707-40f9-82aa-acfe7903dde9
2017-12-22T01:27:46.715-0500	INFO	[beat]	instance/beat.go:247	System details	{"system": {"cwd":"/Users/akroh/go/src/github.com/elastic/beats/filebeat","containerized":false,"go":{"max_procs":8,"goarch":"amd64","version":"go1.9.2"},"hardware":{"architecture":"x86_64","num_cpu":8,"mem_total_bytes":17179869184},"hostname":"macbook15","host_uptime":1248277710786330,"ip":["127.0.0.1/8","::1/128","fe80::1/64","fe80::c3e:88e:842b:c8a3/64","fe80::ccb5:e0ff:fe00:f61d/64","fe80::1f51:a9d7:378:5b34/64","192.168.137.1/24","fe80::aede:48ff:fe00:1122/64"],"kernel_version":"16.7.0","os":{"type":"darwin","name":"Mac OS X","version":"10.12.6","build":"16G1114"},"process":{"name":"filebeat","pid":21455,"ppid":70792,"exe":"/Users/akroh/go/src/github.com/elastic/beats/filebeat/filebeat","args":["./filebeat","-e"]},"terminal":true,"system_time":"2017-12-22T01:27:46-05:00","timezone":"EST","user":{"name":["akroh","Andrew Kroh"],"group":["staff","everyone","localaccounts","_appserverusr","admin","_appserveradm","_lpadmin","access_bpf","com.apple.sharepoint.group.1","_appstore","_lpoperator","_developer","com.apple.access_ftp","com.apple.access_screensharing","com.apple.access_ssh"],"uid":"501","gid":"20"}}}
2017-12-22T01:27:46.715-0500	INFO	instance/beat.go:204	Setup Beat: filebeat; Version: 7.0.0-alpha1

This log message contains:

{
  "system": {
    "cwd": "/Users/akroh/go/src/github.com/elastic/beats/filebeat",
    "containerized": false,
    "go": {
      "max_procs": 8,
      "goarch": "amd64",
      "version": "go1.9.2"
    },
    "hardware": {
      "architecture": "x86_64",
      "num_cpu": 8,
      "mem_total_bytes": 17179869184
    },
    "hostname": "macbook15",
    "host_uptime": 1248277710786330,
    "ip": [
      "127.0.0.1/8",
      "::1/128",
      "fe80::1/64",
      "fe80::c3e:88e:842b:c8a3/64",
      "fe80::ccb5:e0ff:fe00:f61d/64",
      "fe80::1f51:a9d7:378:5b34/64",
      "192.168.137.1/24",
      "fe80::aede:48ff:fe00:1122/64"
    ],
    "kernel_version": "16.7.0",
    "os": {
      "type": "darwin",
      "name": "Mac OS X",
      "version": "10.12.6",
      "build": "16G1114"
    },
    "process": {
      "name": "filebeat",
      "pid": 21455,
      "ppid": 70792,
      "exe": "/Users/akroh/go/src/github.com/elastic/beats/filebeat/filebeat",
      "args": [
        "./filebeat",
        "-e"
      ]
    },
    "terminal": true,
    "system_time": "2017-12-22T01:27:46-05:00",
    "timezone": "EST",
    "user": {
      "name": [
        "akroh",
        "Andrew Kroh"
      ],
      "group": [
        "staff",
        "everyone",
        "localaccounts",
        "_appserverusr",
        "admin",
        "_appserveradm",
        "_lpadmin",
        "access_bpf",
        "com.apple.sharepoint.group.1",
        "_appstore",
        "_lpoperator",
        "_developer",
        "com.apple.access_ftp",
        "com.apple.access_screensharing",
        "com.apple.access_ssh"
      ],
      "uid": "501",
      "gid": "20"
    }
  }
}

On Linux and Windows this will include some additional sections about privileges, capabilities, and seccomp.

  ...
  "capabilities": [
    "cap_chown",
    "cap_dac_override",
    "cap_fowner",
    "cap_fsetid",
    "cap_kill",
    "cap_setgid",
    "cap_setuid",
    "cap_setpcap",
    "cap_net_bind_service",
    "cap_net_raw",
    "cap_sys_chroot",
    "cap_mknod",
    "cap_audit_write",
    "cap_setfcap"
  ],
  ...
  "seccomp": {
    "mode": "filter",
    "no_new_privs": null
  },
@andrewkroh andrewkroh added the discuss Issue needs further discussion. label Dec 22, 2017
@ruflin
Copy link
Contributor

ruflin commented Dec 27, 2017

+1 on this. For the args I wonder if we should be careful here to make sure people to have confidential info inside.

As the info is quite extensive, I wonder if we should only put a subset under INFO and the rest under DEBUG but TBH it's only logged once, so it should not hurt.

@ruflin ruflin mentioned this issue Dec 28, 2017
Merged
@andrewkroh
Copy link
Member Author

I think it's best to put it all under INFO so that it is present by default so we don't need to ask people to do anything special to get this data other than ask for the logs.

Regarding args, I also have the concern that it could contain sensitive data. If I find that I cannot safely redact the sensitive parts I will omit the field.

@andrewkroh andrewkroh mentioned this issue Jan 2, 2018
Merged
@andrewkroh andrewkroh mentioned this issue Apr 4, 2018
Merged
andrewkroh added a commit to andrewkroh/beats that referenced this issue Apr 6, 2018
@andrewkroh
Log system details to aid in debugging
19364a2 
This adds logging of system information to provide more situational awareness when debugging. When a Beat starts it will log data about the host, process, build, and go runtime.

One goal is to help resolve issues faster because there will be fewer back-and-forths. When logs are provided by the user there wouldn't be a need for questions like "how did you run it", "what OS", "what kernel", "what kind of hardware", "are you running in Docker", "what is the machine's local timezone", etc.

Closes elastic#5946
ruflin pushed a commit that referenced this issue Apr 6, 2018
@andrewkroh @ruflin
Log system details to aid in debugging
26c4fc9 
This adds logging of system information to provide more situational awareness when debugging. When a Beat starts it will log data about the host, process, build, and go runtime.

One goal is to help resolve issues faster because there will be fewer back-and-forths. When logs are provided by the user there wouldn't be a need for questions like "how did you run it", "what OS", "what kernel", "what kind of hardware", "are you running in Docker", "what is the machine's local timezone", etc.

Closes #5946
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discuss Issue needs further discussion.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Log system details to aid in debugging andrewkroh/beats
2 participants
@ruflin @andrewkroh