Closed
Bug 1097374
Opened 10 years ago
Closed 9 years ago
Support submitting logs from Windows hosts to the log aggregation server
Categories
(Infrastructure & Operations :: RelOps: Puppet, task)
Infrastructure & Operations
RelOps: Puppet
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: grenade)
References
Details
(Whiteboard: [relsec])
That probably means a syslog connector transmitting the log messages, similar to what log_aggregator::client is doing now for POSIX.
Updated•10 years ago
|
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/4102]
Reporter | ||
Updated•10 years ago
|
Assignee: dustin → relops
Reporter | ||
Comment 1•10 years ago
|
||
nxlog seems to be the tool to use. The Windows servers are already running it.
Updated•9 years ago
|
Assignee: relops → rthijssen
Assignee | ||
Updated•9 years ago
|
Status: NEW → ASSIGNED
Updated•9 years ago
|
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/4102] → [relsec]
Assignee | ||
Comment 2•9 years ago
|
||
We'd like to install nxlog to all Windows hosts in the releng.ad.mozilla.com and ad.mozilla.com ActiveDirectory domains, via Group Policy. The configuration for each nxlog instance will forward local EventLog message events to the log aggregation servers, where logs can be analysed and responded to. We have tested a GPO driven, roll-out to a single Windows 2008 build slave and also to all of the Domain Controller servers where we have seen no negative side effects of the change and have observed that the aggregators are correctly receiving and processing incoming event messages. Specific host targeting and timing will be handled in monitored stages and will be coordinated with buildduty.This message is to notify that wider roll-outs will be forthcoming (Windows hosts in releng only). We don't anticipate negative side effects but in the event that it becomes necessary to halt the forwarding of Windows event log messages, the back-out procedure, is simply to stop (and optionally disable) the nxlog services on the individual Windows hosts. A powershell script for a targeted roll-back is available at: https://gist.github.com/grenade/3bbb336209a8859af9d1#file-stop-nxlog-ps1 and the scope for the roll-back can be controlled by altering the OU $searchBase and host $nameFilter variables. If a roll-back becomes necessary or if you have concerns, please add a comment here and/or comment in #releng tagging my nick (:grenade).
Assignee | ||
Comment 3•9 years ago
|
||
requesting a win 7 loaner...
Assignee | ||
Comment 4•9 years ago
|
||
Complete for: - b-2008-ix-* - t-w864-ix-* - t-w732-ix-*
Assignee | ||
Comment 5•9 years ago
|
||
gpo/nxlog element complete. I will track puppet progress at https://bugzilla.mozilla.org/show_bug.cgi?id=1146324
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•