Skip to content

Commit

Permalink
How to access logs
Browse files Browse the repository at this point in the history
  • Loading branch information
@frozenprocess
frozenprocess committed Nov 19, 2024
1 parent 8fe7fe2 commit 6587755
Showing 1 changed file with 14 additions and 3 deletions.
17 changes: 14 additions & 3 deletions calico/network-policy/policy-rules/log-rules.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,10 @@ In the iptables dataplane, the Log action logs the traffic at the point of evalu

<Tabs groupId='log-rules'>
<TabItem label="eBPF" value="eBPF">
eBPF logs are sent to the

eBPF policy logs are sent to the trace pipe and can be viewed by using the following command:
```bash
kubectl exec -n calico-system -it ds/calico-node -- bpftool prog tracelog

Check failure on line 65 in calico/network-policy/policy-rules/log-rules.mdx

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'kubectl'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'kubectl'?", "location": {"path": "calico/network-policy/policy-rules/log-rules.mdx", "range": {"start": {"line": 65, "column": 1}}}, "severity": "ERROR"}

Check failure on line 65 in calico/network-policy/policy-rules/log-rules.mdx

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'bpftool'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'bpftool'?", "location": {"path": "calico/network-policy/policy-rules/log-rules.mdx", "range": {"start": {"line": 65, "column": 53}}}, "severity": "ERROR"}

Check failure on line 65 in calico/network-policy/policy-rules/log-rules.mdx

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'tracelog'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'tracelog'?", "location": {"path": "calico/network-policy/policy-rules/log-rules.mdx", "range": {"start": {"line": 65, "column": 66}}}, "severity": "ERROR"}
```

An eBPF log starts with the pid name and ID

Check failure on line 68 in calico/network-policy/policy-rules/log-rules.mdx

View workflow job for this annotation

GitHub Actions / runner / vale 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'pid'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'pid'?", "location": {"path": "calico/network-policy/policy-rules/log-rules.mdx", "range": {"start": {"line": 68, "column": 29}}}, "severity": "ERROR"}

Expand All @@ -78,7 +80,13 @@ curl-5288 [000] ..s2. 3055.982021: bpf_trace_printk: cali527b0801ecb-E: poli

</TabItem>
<TabItem label="iptables/ipvs" value="iptables">
iptables/ipvs logs are sent to the syslog, this requires your host installation to have the rsyslog package.
Policy logs are sent to the syslog, this requires your host installation to have the rsyslog package.

Use the following command to access your policy logs
```bash
journalctl | egrep calico-packet
```

Example of iptable logs:
```bash
2024-11-19T12:15:03.023805-08:00 c1-control kernel: calico-packet: IN=cali527b0801ecb OUT=eth0 MAC=ee:ee:ee:ee:ee:ee:1e:0a:36:33:f5:09:08:00 SRC=172.16.193.134 DST=69.147.80.15 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=58406 DF PROTO=TCP SPT=45588 DPT=80 WINDOW=64860 RES=0x00 SYN URGP=0
Expand Down Expand Up @@ -171,3 +179,6 @@ kubectl patch kubecontrollersconfiguration default --type=merge --patch='{"spec"
For more on the match criteria and policy actions, see:
- [Global network policy](../../reference/resources/globalnetworkpolicy.mdx)
- [Network policy](../../reference/resources/networkpolicy.mdx)
- [Host protection](../hosts/index.mdx)

0 comments on commit 6587755

Please sign in to comment.