Troubleshooting Syslog Integration with Stackdriver Logging

Why Is Syslog Not Showing Up in the "All logs" Dropdown List?

Prev Question Next Question

Question

You are running an application in a virtual machine (VM) using a custom Debian image.

The image has the Stackdriver Logging agent installed.

The VM has the cloud-platform scope.

The application is logging information via syslog.

You want to use Stackdriver Logging in the Google Cloud Platform Console to visualize the logs.

You notice that syslog is not showing up in the "All logs" dropdown list of the Logs Viewer.

What is the first thing you should do?

Answers

A. Look for the agent`s test log entry in the Logs Viewer.

B. Install the most recent version of the Stackdriver agent.

C. Verify the VM service account access scope includes the monitoring.write scope.

D. SSH to the VM and execute the following commands on your VM: ps ax | grep fluentd.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

https://groups.google.com/g/google-stackdriver-discussion/c/FXehB9a-5Vk?pli=1

The first thing you should do is option A, which is to look for the agent's test log entry in the Logs Viewer.

Here's why:

The Stackdriver Logging agent collects logs from a variety of sources, including syslog, and sends them to the Stackdriver Logging API for storage and analysis. By default, the agent is configured to collect logs from a number of sources, including syslog.

If syslog is not showing up in the "All logs" dropdown list of the Logs Viewer, it could indicate a problem with the agent's configuration, or with the VM's permissions. However, before jumping into troubleshooting, it's important to first verify that the agent is functioning correctly.

The agent provides a built-in test log entry that you can use to verify that it's collecting logs and sending them to the API. To check if the agent is working correctly, you should look for this test log entry in the Logs Viewer.

Here's how to do it:

In the GCP Console, go to the Stackdriver > Logging page.
Click on "Logs Viewer".
In the "Resource" dropdown list, select the name of your VM instance.
In the "Log name" dropdown list, select "agent".
Look for a log entry with the message "Stackdriver Logging agent is running".

If you see this log entry, it means that the agent is running correctly and collecting logs. If you don't see this log entry, it could indicate a problem with the agent's configuration or installation.

Assuming that the agent is running correctly, the next step would be to verify the VM's permissions and configuration. In this case, the VM has the cloud-platform scope, which should provide sufficient permissions to collect and send logs to Stackdriver. However, it's possible that the monitoring.write scope is not included in the VM's service account access scope. This scope is required to write logs to Stackdriver, so it's important to verify that it's included.

To verify the VM's service account access scope, you can use the following command:

sql
gcloud compute instances describe INSTANCE_NAME --zone ZONE | grep serviceAccounts

This will display the service account email and access scopes for the VM. Make sure that the monitoring.write scope is included.

If the monitoring.write scope is missing, you can add it using the following command:

css
gcloud compute instances set-service-account INSTANCE_NAME --zone ZONE --service-account EMAIL --scopes cloud-platform,monitoring.write

Finally, if everything else checks out and syslog logs still aren't showing up in the Logs Viewer, you can SSH to the VM and execute the following command:

perl
ps ax | grep fluentd

This will show whether the Fluentd process, which is used by the Stackdriver Logging agent, is running correctly on the VM. If it's not running, there may be a problem with the agent's installation or configuration that needs to be addressed.

Prev Question Next Question