Closed Bug 1097374 Opened 10 years ago Closed 9 years ago

Support submitting logs from Windows hosts to the log aggregation server

Categories

(Infrastructure & Operations :: RelOps: Puppet, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dustin, Assigned: grenade)

Details

(Whiteboard: [relsec])

That probably means a syslog connector transmitting the log messages, similar to what log_aggregator::client is doing now for POSIX.
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/4102]
Assignee: dustin → relops
nxlog seems to be the tool to use.  The Windows servers are already running it.
Assignee: relops → rthijssen
Status: NEW → ASSIGNED
Depends on: 1161529
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/4102] → [relsec]
We'd like to install nxlog on all Windows hosts in the releng.ad.mozilla.com and ad.mozilla.com Active Directory domains, via Group Policy.

The configuration for each nxlog instance will forward local EventLog message events to the log aggregation servers, where logs can be analysed and responded to.

We have tested a GPO-driven roll-out to a single Windows 2008 build slave and also to all of the Domain Controller servers, where we have seen no negative side effects of the change and have observed that the aggregators are correctly receiving and processing incoming event messages.

Specific host targeting and timing will be handled in monitored stages and will be coordinated with buildduty. This message is to notify that wider roll-outs will be forthcoming (Windows hosts in releng only). We don't anticipate negative side effects, but in the event that it becomes necessary to halt the forwarding of Windows event log messages, the back-out procedure is simply to stop (and optionally disable) the nxlog services on the individual Windows hosts.

A PowerShell script for a targeted roll-back is available at: https://gist.github.com/grenade/3bbb336209a8859af9d1#file-stop-nxlog-ps1 and the scope for the roll-back can be controlled by altering the OU $searchBase and host $nameFilter variables. If a roll-back becomes necessary or if you have concerns, please add a comment here and/or comment in #releng tagging my nick (:grenade).
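A minimal nxlog.conf for the kind of forwarding the comment above describes (local EventLog events sent to an aggregator as syslog), added here as an illustration; it is not the configuration deployed in this bug. The aggregator host name, the port, the choice of TCP with IETF syslog framing, and the install paths are assumptions.

```conf
# Constructed example, not the configuration from this bug.
# Paths assume the default nxlog install location on 64-bit Windows.
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# Provides to_syslog_bsd() and to_syslog_ietf() for syslog formatting.
<Extension syslog>
    Module  xm_syslog
</Extension>

# Reads the Windows EventLog API (Vista / Server 2008 and later).
<Input eventlog>
    Module  im_msvistalog
</Input>

# Placeholder aggregator address and port (assumed, not from the bug).
<Output aggregator>
    Module  om_tcp
    Host    log-aggregator.example.invalid
    Port    514
    Exec    to_syslog_ietf();
</Output>

# Every event read from the EventLog is sent to the aggregator.
<Route eventlog_to_aggregator>
    Path    eventlog => aggregator
</Route>
```

nxlog's own diagnostics go to the LogFile path, which is the first place to check on a host if the aggregator stops receiving its events.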
requesting a win 7 loaner...
Depends on: 1164075
Depends on: 1164086
Complete for:
 - b-2008-ix-*
 - t-w864-ix-*
 - t-w732-ix-*
gpo/nxlog element complete. I will track puppet progress at https://bugzilla.mozilla.org/show_bug.cgi?id=1146324
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED