CloudShark Support

CloudShark Logging

CloudShark Log Files

As CloudShark is running it will log information into a variety of log files depending on the action being logged. CloudShark logs the following information into the following log files:

/var/www/cloudshark/shared/log/cloudshark.log: Can log debugging information when instructed to do so by CloudShark support.

/var/www/cloudshark/shared/log/autoimporter.log: Logs information about the Auto-Import feature, including when a file is automatically imported into CloudShark.

/var/www/cloudshark/shared/log/cron.log: Logs information about the Auto Delete CloudShark feature.

/var/log/nginx_access.log: This file contains a log of requests made to the nginx webserver running on the CloudShark Appliance.

/var/log/nginx_error.log: This file contains a log of any errors that nginx had while processing a web request to the CloudShark Appliance.

Rotating Log Files

These log files can become large over time and contain a lot of old information. Log files can be rotated at specific intervals when the current log file is compressed and saved and CloudShark will begin logging to a new log file. Old log files can also be deleted after a specified amount of time.

A default install of CentOS/RHEL version 6 or 7 should contain the logrotate program which can manage the CloudShark log files. If this program is not installed you can install this by running yum install logrotate as root.

The configuration files for logrotate are located in the /etc/logrotate.d/ directory. In this directory you can create a new file named cloudshark to manage the log files.

Here is an example configuration file for logrotate. This file will perform the following:

  • Rotate the cloudshark.log file every week and keep the last 8 weeks of log files.
  • Rotate the autoimporter.log and cron.log files every month and keep the last 2 months of log files.
  • Rotate the nginx_access.log and nginx_error.log files every week and keep the last 8 weeks of log files.
/var/www/cloudshark/shared/log/cloudshark.log {
  weekly
  missingok
  rotate 8
  copytruncate
  compress
}

/var/www/cloudshark/shared/log/autoimporter.log /var/www/cloudshark/shared/log/cron.log {
  monthly
  missingok
  rotate 2
  copytruncate
  compress
}

/var/log/nginx_access.log /var/log/nginx_error.log {
  weekly
  missingok
  rotate 8
  compress
  delaycompress
  notifempty
  create 640 nginx adm
  sharedscripts
  postrotate
    [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
  endscript
}

More information on configuring and using logrotate can be found here.

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: