Juniper Openstack

R5.0-283: session logging flags are not working, sessions are not getting logged

Bug #1797317 reported by alok kumar
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R5.0
Fix Released
High
Sivakumar Ganapathy
Juniper Openstack r5.0.2
Trunk
New
High
Sivakumar Ganapathy
Juniper Openstack r5.1.0

Bug Description

session logging flags are changed to sample_destination and slo_destination in agent.conf file under SESSION_DESTINATION section.

with these flags I tried for slo_destination=file and sample_destination=syslog but I dont see sessions getting logged in agent log file or syslog.

sample for slo destination file:
[SESSION_DESTINATION]

slo_destination=file
sample_destination = collector

Jeba Paulaiyan (jebap)
tags: added: blocker
Revision history for this message
Arvind (arvindv) wrote :

Alok, have you checked the sampling rate in the webUI. If u have set the sample_destination to collector, the messages will only be sent to collector. If u are not seeing the SLO messages,
have u configured the SLO's correctly ?

Revision history for this message
alok kumar (kalok) wrote :

Arvind, the sample configuration mentioned was only for slo test case, for sampling below is the config used:

[SESSION_DESTINATION]
sample_destination=syslog
slo_destination = collector

apart from this, tried with old flags too and surprisingly sampling to agent file is working using old flags but not the syslog:
[DEFAULT]
use_syslog=1
log_level=SYS_INFO
log_local=1
log_flow=1

SLO configurations looks fine to me.

Revision history for this message
alok kumar (kalok) wrote :

As per Arvind:
In the vrouter entrypoint of https://review.opencontrail.org/#/c/42952/2/containers/vrouter/agent/entrypoint.sh,
the section name “SESSION_DESTINATION” has been changed to “SESSION” however this change has not got into R5.0.

Tried testing by changing SESSION_DESTINATION to SESSION, slo sessions are getting logged in syslog as well as agent file but still VN name is wrong.

2018-10-13 Sat 22:01:05:611.008 IST nodem9 [Thread 140160203036416, Pid 26997]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:ctest-SecurityLogging-24616497:c650dee3-40e0-4f94-a47d-05bd6f67a66d vn = default-domain:ctest-TestDetailedPolicy3Ipv4v6-65433011:vnet3 security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:ctest-SecurityLogging-24616497:ctest-vn-46503389 is_client_session = 1 is_si = 0 vrouter_ip = 10.10.10.9 sess_agg_info= [ [ [ local_ip = 135.239.132.3 service_port = 0 protocol = 1 ] [ logged_forward_bytes = 98 logged_forward_pkts = 1 logged_reverse_bytes = 84 logged_reverse_pkts = 1 sessionMap= [ [ [ ip = 12.6.131.3 port = 2444 ] [ forward_flow_info= [ logged_bytes = 98 logged_pkts = 1 flow_uuid = 146b9bc9-f0ab-4d5c-9a74-34d9968f2890 tcp_flags = 0 setup_time = 1539448256049363 action = pass sg_rule_uuid = 77bffb42-eb37-452f-94a0-63220f604f93 nw_ace_uuid = 00000000-0000-0000-0000-100000000001 underlay_source_port = 62230 ] reverse_flow_info= [ logged_bytes = 84 logged_pkts = 1 flow_uuid = 359c5f66-dde3-4861-a7e0-fc8118475d0d tcp_flags = 0 setup_time = 1539448256049363 action = pass sg_rule_uuid = 77bffb42-eb37-452f-94a0-63220f604f93 nw_ace_uuid = 00000000-0000-0000-0000-100000000001 underlay_source_port = 61275 ] vm = f535026f-2bfd-4c6a-b3aa-c0dabbb0cce4 other_vrouter_ip = 10.10.10.10 underlay_proto = 2 ], ] ] ], ] ] ], ] ]

correct VN name should be default-domain:ctest-SecurityLogging-24616497:ctest-vn-90681750.

VN default-domain:ctest-TestDetailedPolicy3Ipv4v6-65433011:vnet3 was created by policy test case which is deleted and the project too.

Revision history for this message
alok kumar (kalok) wrote :
Download full text (5.0 KiB)

I tried a fresh test on ocata-5.0-289 centos setup by patching the setup for missing commit, I don’t see wrong VN name but few points observed:

1. Looks like old flag “log_flow” is still used/referenced to log the sessions because when I set “log_flow=1”(apart from slo_destination=file)extra logs(see 2nd log below) are seen as below:

INFO - [SYS_INFO]: SessionData: [ vmi = default-domain:ctest-SecurityLogging-77901689:287ea704-75b9-4e56-bcad-210a6a11531d vn = default-domain:ctest-SecurityLogging-77901689:ctest-vn-06809291 ] security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:ctest-SecurityLogging-77901689:ctest-vn-23556997 is_client_session = 1 is_si = 0 vrouter_ip = 10.10.10.8 local_ip = 138.7.139.3 service_port = 0 protocol = 1 logged_forward_bytes = 98 logged_forward_pkts = 1 logged_reverse_bytes = 84 ip = 45.159.187.3 port = 8068 forward_flow_info= [ logged_bytes = 98 logged_pkts = 1 flow_uuid = f161a6d4-2c95-427a-aaae-d3724c706e1b tcp_flags = 0 setup_time = 1539689679214767 action = pass sg_rule_uuid = 8da6cbcd-91e1-4585-893b-9b1a13cc5257 nw_ace_uuid = 1b924ca7-0ca1-4886-89c1-8af60b15b67a underlay_source_port = 53414 ] reverse_flow_info= [ logged_bytes = 84 logged_pkts = 1 flow_uuid = 865627a2-084a-4f8e-9067-0aaf4b8c6a42 tcp_flags = 0 setup_time = 1539689679214767 action = pass sg_rule_uuid = 8da6cbcd-91e1-4585-893b-9b1a13cc5257 nw_ace_uuid = 1b924ca7-0ca1-4886-89c1-8af60b15b67a underlay_source_port = 65224 ] vm = 9932613e-cbd9-4fa1-9bea-2fe1a94cf1ac other_vrouter_ip = 10.10.10.9 underlay_proto = 2 ]

2018-10-16 Tue 17:04:39:995.849 IST nodem8 [Thread 140123954079488, Pid 16060]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:ctest-SecurityLogging-77901689:287ea704-75b9-4e56-bcad-210a6a11531d vn = default-domain:ctest-SecurityLogging-77901689:ctest-vn-06809291 security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:ctest-SecurityLogging-77901689:ctest-vn-23556997 is_client_session = 1 is_si = 0 vrouter_ip = 10.10.10.8 sess_agg_info= [ [ [ local_ip = 138.7.139.3 service_port = 0 protocol = 1 ] [ sessionMap= [ [ ] ] ], ] ] ], ] ]

2. The Format of the message is changed and there is no sess_agg_info now.
Old format of the log was same as 2nd log above.

3. logged_reverse_pkts field is missing in log. Earlier same issue was seen for syslog.
https://bugs.launchpad.net/juniperopenstack/+bug/1753381

Expected session log(ignore the format):

[ vmi = default-domain:ctest-SecurityLogging-62453854:4b97fc45-dd8e-437f-9f84-967a1e6388d3 vn = default-domain:ctest-SecurityLogging-62453854:ctest-vn-23374218 security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:ctest-SecurityLogging-62453854:ctest-vn-72151247 is_client_session = 1 is_si = 0 vrouter_ip = 10.10.10.8 sess_agg_info= \[ \[ \[ local_ip = 194.124.216.3 service_port = 0 protocol = 1 ] \[ logged_forward_bytes = \d+ logged_forward_pkts = \d+ logged_reverse_bytes = \d+ logged_reverse_pkts = \d+ sessionMap= \[ \[ \[ ip = 76.27.77.3 port = \d+ ] \[ forward_flow_info= \[ logged_bytes = \d+ logged_pkts = \d+ flow_uuid = [0-9a-f]...

Read more...

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R5.0

Review in progress for https://review.opencontrail.org/47045
Submitter: Arvind (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/47045
Committed: http://github.com/Juniper/contrail-container-builder/commit/854262f822902c156208f479a7f6c565b4489933
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 854262f822902c156208f479a7f6c565b4489933
Author: arvindvis <email address hidden>
Date: Tue Oct 16 10:55:56 2018 -0700

Section name for SESSION destination is wrong in the conf file

The section name in the .conf file should be SESSION and not
SESSION_DESTINATION.
Closes-Bug: #1797317

Change-Id: Id276e43d1002f3ec967a0a4f1649daefd142b60f

Revision history for this message
alok kumar (kalok) wrote :

verified with new flags, working fine.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.