- Enable/Disable Windows Node Logging
- Working with a Custom Docker Root Directory
- Adding NodeSelector Settings and Tolerations for Custom Taints
- Enabling the Logging Application to Work with SELinux
- Additional Logging Sources
- Systemd Configuration
Enable/Disable Windows Node Logging
You can enable or disable Windows node logging by setting
global.cattle.windows.enabled to either
false in the
By default, Windows node logging will be enabled if the Cluster Dashboard UI is used to install the logging application on a Windows cluster.
In this scenario, setting
false will disable Windows node logging on the cluster.
When disabled, logs will still be collected from Linux nodes within the Windows cluster.
Note: Currently an issue exists where Windows nodeAgents are not deleted when performing a
helm upgradeafter disabling Windows logging in a Windows cluster. In this scenario, users may need to manually remove the Windows nodeAgents if they are already installed.
Working with a Custom Docker Root Directory
If using a custom Docker root directory, you can set
This will ensure that the Logging CRs created will use your specified path rather than the default Docker
Note that this only affects Linux nodes.
If there are any Windows nodes in the cluster, the change will not be applicable to those nodes.
Adding NodeSelector Settings and Tolerations for Custom Taints
You can add your own
nodeSelector settings and add
tolerations for additional taints by editing the logging Helm chart values. For details, see this page.
Enabling the Logging Application to Work with SELinux
Requirements: Logging v2 was tested with SELinux on RHEL/CentOS 7 and 8.
Security-Enhanced Linux (SELinux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on CentOS 7 and 8.
To use Logging v2 with SELinux, we recommend installing the
rancher-selinux RPM according to the instructions on this page.
Then, when installing the logging application, configure the chart to be SELinux aware by changing
true in the
Additional Logging Sources
In some cases, Rancher may be able to collect additional logs.
The following table summarizes the sources where additional logs may be collected for each node types:
|Logging Source||Linux Nodes (including in Windows cluster)||Windows Nodes|
To enable hosted Kubernetes providers as additional logging sources, enable Enable enhanced cloud provider logging option when installing or upgrading the Logging Helm chart.
When enabled, Rancher collects all additional node and control plane logs the provider has made available, which may vary between providers
If you’re already using a cloud provider’s own logging solution such as AWS CloudWatch or Google Cloud operations suite (formerly Stackdriver), it is not necessary to enable this option as the native solution will have unrestricted access to all logs.
In Rancher logging,
SystemdLogPath must be configured for K3s and RKE2 Kubernetes distributions.
K3s and RKE2 Kubernetes distributions log to journald, which is the subsystem of systemd that is used for logging. In order to collect these logs, the
systemdLogPath needs to be defined. While the
run/log/journal directory is used by default, some Linux distributions do not default to this path. For example, Ubuntu defaults to
var/log/journal. To determine your
systemdLogPath configuration, see steps below.
Steps for Systemd Configuration:
cat /etc/systemd/journald.conf | grep -E ^\#?Storage | cut -d"=" -f2on one of your nodes.
persistentis returned, your
volatileis returned, your
autois returned, check if
/var/log/journalexists, then use
/var/log/journaldoes not exist, then use
Note: If any value not described above is returned, Rancher Logging will not be able to collect control plane logs. To address this issue, you will need to perform the following actions on every control plane node:
- Reboot your machine.