How to get platform logs

[ultragtx]

Hi, I've deployed logsearch following this guide https://github.com/cloudfoundry-community/logsearch-for-cloudfoundry/blob/develop/docs/deployment.md

In Kibana, I can only find app related logs, like cf push APP, cf ssh APP, stdout and stderr from apps. How can I get platform logs like UAA audit?

Here's the manifest https://gist.github.com/ultragtx/17a6b248da868842a626ea060cfaa08c#file-logsearch-cf-yml.

[Infra-Red]

@ultragtx Hi, you should reconfigure your Cloud Foundry deployment to forward components logs to Logsearch, add next properties to CF deployment manifest and redeploy:
https://github.com/cloudfoundry-community/logsearch-for-cloudfoundry/blob/develop/docs/deployment.md#8-update-cloudfoundry-deployment-to-forward-component-logs-to-ingestor

[ultragtx]

@Infra-Red Thanks you so much for the quick response, but I had already added properties.syslog_daemon_config and reconfigured cf deployment, just like what the link showed.

[Infra-Red]

@ultragtx You could also check that security groups allow traffic between Logsearch and CF deployments. By default Logsearch store CF instances logs in logs-platform* index, please check that you use exactly this index. You can list all available indexes with the following command curl ELASTICSEARCH_MASTER_IP:9200/_cat/indices?v

[hannayurkevich]

@ultragtx, Make sure that you login to Kibana with Admin user, because only Admin users can see platform logs.

[ultragtx]

@Infra-Red @hannayurkevich Thank you so much for the help, which led me to check privilege related settings, and I finally found out I've set the wrong value to CF_SYSTEM_ORG.

Also, it was strange that I could only get platform logs when I set properties.syslog_daemon_config.transport to tcp or relp. Leaving it blank (use default value udp) didn't work.

Anyway, my problem solved, and thank you all again.

[hannayurkevich]

Welcome )