Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Chapter 1. Logging

Red Hat OpenStack Platform writes informational messages to specific log files; you can use these messages for troubleshooting and monitoring system events.


You need not attach the individual log files to your support cases manually. All the required information will be gathered automatically by the sosreport utility, which is described in Chapter 3, Troubleshooting.

1.1. Log Files for OpenStack Services

Each OpenStack component has a separate logging directory containing files specific to a running service.

1.1.1. Bare Metal Provisioning (ironic) Log Files

ServiceService NameLog Path

OpenStack Ironic API



OpenStack Ironic Conductor



1.1.2. Block Storage (cinder) Log Files

ServiceService NameLog Path

Block Storage API



Block Storage Backup



Informational messages

The cinder-manage command


Block Storage Scheduler



Block Storage Volume



1.1.3. Compute (nova) Log Files

ServiceService NameLog Path

OpenStack Compute API service



OpenStack Compute certificate server



OpenStack Compute service



OpenStack Compute Conductor service



OpenStack Compute VNC console authentication server



Informational messages

nova-manage command


OpenStack Compute NoVNC Proxy service



OpenStack Compute Scheduler service



1.1.4. Dashboard (horizon) Log Files

ServiceService NameLog Path

Log of certain user interactions

Dashboard interface


The Apache HTTP server uses several additional log files for the Dashboard web interface, which can be accessed using a web browser or command-line clients (keystone, nova). The following log files can be helpful in tracking the usage of the Dashboard and diagnosing faults:

PurposeLog Path

All processed HTTP requests


HTTP errors


Admin-role API requests


Admin-role API errors


Member-role API requests


Member-role API errors



There is also /var/log/httpd/default_error.log, which stores errors reported by other web services running on the same host.

1.1.5. Data Processing (sahara) Log Files

ServiceService NameLog Path

Sahara API Server



Sahara Engine Server



1.1.6. Database as a Service (trove) Log Files

ServiceService NameLog Path

OpenStack Trove API Service



OpenStack Trove Conductor Service



OpenStack Trove guestagent Service



OpenStack Trove taskmanager Service



1.1.7. Identity Service (keystone) Log Files

ServiceService NameLog Path

OpenStack Identity Service



1.1.8. Image Service (glance) Log Files

ServiceService NameLog Path

OpenStack Image Service API server



OpenStack Image Service Registry server



1.1.9. Networking (neutron) Log Files

ServiceService NameLog Path

OpenStack Neutron DHCP Agent



OpenStack Networking Layer 3 Agent



Metadata agent service



Metadata namespace proxy



Open vSwitch agent



OpenStack Networking service



1.1.10. Object Storage (swift) Log Files

OpenStack Object Storage sends logs to the system logging facility only.


By default, all Object Storage log files to /var/log/swift/swift.log, using the local0, local1, and local2 syslog facilities.

The log messages of Object Storage are classified into two broad categories: those by REST API services and those by background daemons. The API service messages contain one line per API request, in a manner similar to popular HTTP servers; both the frontend (Proxy) and backend (Account, Container, Object) services post such messages. The daemon messages are less structured and typically contain human-readable information about daemons performing their periodic tasks. However, regardless of which part of Object Storage produces the message, the source identity is always at the beginning of the line.

An example of a proxy message:

Apr 20 15:20:34 rhev-a24c-01 proxy-server: 20/Apr/2015/19/20/34 GET /v1/AUTH_zaitcev%3Fformat%3Djson%26marker%3Dtestcont HTTP/1.0 200 - python-swiftclient-2.1.0 AUTH_tk737d6... - 2 - txc454fa8ea4844d909820a-0055355182 - 0.0162 - - 1429557634.806570053 1429557634.822791100

An example of ad-hoc messages from background daemons:

Apr 27 17:08:15 rhev-a24c-02 object-auditor: Object audit (ZBF). Since Mon Apr 27 21:08:15 2015: Locally: 1 passed, 0 quarantined, 0 errors files/sec: 4.34 , bytes/sec: 0.00, Total time: 0.23, Auditing time: 0.00, Rate: 0.00
Apr 27 17:08:16 rhev-a24c-02 object-auditor: Object audit (ZBF) "forever" mode completed: 0.56s. Total quarantined: 0, Total errors: 0, Total files/sec: 14.31, Total bytes/sec: 0.00, Auditing time: 0.02, Rate: 0.04
Apr 27 17:08:16 rhev-a24c-02 account-replicator: Beginning replication run
Apr 27 17:08:16 rhev-a24c-02 account-replicator: Replication run OVER
Apr 27 17:08:16 rhev-a24c-02 account-replicator: Attempted to replicate 5 dbs in 0.12589 seconds (39.71876/s)
Apr 27 17:08:16 rhev-a24c-02 account-replicator: Removed 0 dbs
Apr 27 17:08:16 rhev-a24c-02 account-replicator: 10 successes, 0 failures

1.1.11. Orchestration (heat) Log Files

ServiceService NameLog Path

OpenStack Heat API Service



Openstack Heat Engine Service



Orchestration service events



1.1.12. Shared Filesystem Service (manila) Log Files

ServiceService NameLog Path

OpenStack Manila API Server



OpenStack Manila Scheduler



OpenStack Manila Share Service




Some information from the Manila Python library can also be logged in /var/log/manila/manila-manage.log.

1.1.13. Telemetry (ceilometer) Log Files

ServiceService NameLog Path

OpenStack ceilometer notification agent



OpenStack ceilometer alarm evaluation



OpenStack ceilometer alarm notification



OpenStack ceilometer API



Informational messages

MongoDB integration


OpenStack ceilometer central agent



OpenStack ceilometer collection



OpenStack ceilometer compute agent



1.1.14. Log Files for Supporting Services

The following services are used by the core OpenStack components and have their own log directories and files.

ServiceService NameLog Path

Message broker (RabbitMQ)


/var/log/rabbitmq/rabbit@short_hostname-sasl.log (for Simple Authentication and Security Layer related log messages)

Database server (MariaDB)



Document-oriented database (MongoDB)



Virtual network switch (Open vSwitch)



1.2. Configure Logging Options

Each component maintains its own separate logging configuration in its respective configuration file. For example, in Compute, these options are set in /etc/nova/nova.conf:

  • Increase the level of informational logging by enabling debugging. This option greatly increases the amount of information captured, so you may want to consider using it only temporarily, or first reviewing your log rotation settings.

  • Enable verbose logging:

  • Change the log file path:

  • Send your logs to a central syslog server:


Options are also available for timestamp configuration and log formatting, among others. Review the component’s configuration file for additional logging options.

1.3. Remote Logging Installation and Configuration

1.3.1. Introduction to Remote Logging

All systems generate and update log files recording their actions and any problems they encounter. In a distributed or cloud computing environment that contains many systems, collecting these log files in a central location simplifies debugging.

The rsyslog service provides facilities both for running a centralized logging server and for configuring individual systems to send their log files to the centralized logging server. This is referred to as configuring the systems for remote logging.

1.3.2. Install rsyslog Server

The rsyslog package must be installed on the system that you intend to use as a centralized logging server and all systems that will be configured to send logs to it. To do so, log in as the root user and install the rsyslog package:

# yum install rsyslog

The rsyslog package is installed and ready to be configured.

1.3.3. Configure rsyslog on the Centralized Logging Server

The steps in this procedure must be followed on the system that you intend to use as your centralized logging sever. All steps in this procedure must be run while logged in as the root user.

  1. Configure SELinux to allow rsyslog traffic.

    # semanage port -a -t syslogd_port_t -p udp 514
  2. Open the /etc/rsyslog.conf file in a text editor.

    1. Add the following lines to the file, defining the location logs will be saved to:

      $template TmplMsg, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
      $template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
      authpriv.*   ?TmplAuth
      *.info,mail.none,authpriv.none,cron.none   ?TmplMsg
    2. Remove the comment character (#) from the beginning of these lines in the file:

      #$ModLoad imudp
      #$UDPServerRun 514
    3. Save the changes to the /etc/rsyslog.conf file.

Your centralized log server is now configured to receive and store log files from the other systems in your environment.

1.3.4. Configure rsyslog on Individual Nodes

Apply the steps listed in this procedure to each of your systems to configure them to send logs to a centralized log server. All steps listed in this procedure must be performed while logged in as the root user.

  1. Edit the /etc/rsyslog.conf, and specify the address of your centralized log server by adding the following:


    Replace YOURSERVERADDRESS with the address of the centralized logging server. Replace YOURSERVERPORT with the port on which the rsyslog service is listening. For example:

    *.*   @



    The single @ sign specifies the UDP protocol for transmission. Use @@ to specify the TCP protocol for transmission.


    The use of the wildcard (*) character in these example configurations indicates to rsyslog that log entries from all log facilities and of all log priorities must be sent to the remote rsyslog server.

    For information on applying more precise filtering of log files refer to the manual page for the rsyslog configuration file, rsyslog.conf. Access the manual page by running man rsyslog.conf.

  2. Once the rsyslog service is started or restarted the system will send all log messages to the centralized logging server.

1.3.5. Start the rsyslog Server

The rsyslog service must be running on both the centralized logging server and the systems attempting to log to it.

The steps in this procedure must be performed while logged in as the root user.

  1. Start the rsyslog service:

    # service rsyslog start
  2. Ensure the rsyslog service starts automatically in the future:

    # chkconfig rsyslog on

The rsyslog service has been started. The service will start sending or receiving log messages based on its local configuration.