yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1782576] Re: Logging - No SG-log data found at /var/log/syslog

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1782576@xxxxxxxxxxxxxxxxxx>
Date: Fri, 10 Aug 2018 14:40:28 -0000
Reply-to: Bug 1782576 <1782576@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/587681
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ced78395a7952d0e616055892645fd2a6165833f
Submitter: Zuul
Branch:    master

commit ced78395a7952d0e616055892645fd2a6165833f
Author: Nguyen Phuong An <AnNP@xxxxxxxxxxxxxx>
Date:   Wed Aug 1 10:55:55 2018 +0700

    Fix no ACCEPT event can get for security group logging
    
    Currently, we cannot get ACCEPT packet log because there are some
    changed related to ovs firewall code since ovs firewall logging has
    been merged.
    
    Regarding to performance perspective, we only log first accepted packet.
    So we only need to forward first accepted packet of each connection
    session to table 91 and table 92.
    
    So this patch fixes these issues.
    
    Closes-Bug: #1782576
    Change-Id: Ib6ced838a7ec6d5c459a8475318556001c31bdf0


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1782576

Title:
  Logging - No SG-log data found at /var/log/syslog

Status in neutron:
  Fix Released

Bug description:
  When I created log-resource with security_group, log data didn't show
  at /var/log/syslog at all.

  [Environment]
  $ lsb_release -a; uname -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 16.04.4 LTS
  Release:        16.04
  Codename:       xenial
  Linux kolla 4.4.0-130-generic #156-Ubuntu SMP Thu Jun 14 08:53:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

  devstack all-in-one

  [Configuration]

  /etc/neutron/neutron.conf
  service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,log

  /etc/neutron/plugins/ml2/ml2_conf.ini
  [securitygroup]
  firewall_driver = openvswitch
  [agent]
  extensions = log

  [Operation]
  $ openstack server create --image cirros-0.3.5-x86_64-disk --flavor c1 --network private vm1
  $ openstack network log create --resource-type security_group --resource <sg-id> --enable --event ALL sg-log

  [ovs flow log]
  I compared following conditions with'$ovs-ofctl dump-flows br-int':
  http://paste.openstack.org/compare/726273/726272/

      1. Before creating log-resource
      2. After created log-resource

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1782576/+subscriptions

References

[Bug 1782576] [NEW] Logging - No SG-log data found at /var/log/syslog
From: Yushiro FURUKAWA, 2018-07-19