IBM Support

App Logs

How To


Summary

App logs are stored in the /opt/app-root/store/log directory of your application's Docker container.

Steps

The /opt/app-root/store/log directory contains 6 log files by default:

The first 3 log files contain stdout and stderr from startup shell scripts that now execute during container startup:

  • A0000_start_container.sh.log contains the output from A0000_start_container.sh
  • A0001_kubernetes.sh.log contains the output from A0001_kubernetes.sh
  • A9800_configure.sh.log contains the output from A9800_configure.sh

The next 3 are for supervisord and the app itself:

  • app.log is the log file that is created by the qpylib library. Messages logged with the qpylib.log() method are written to the app.log file.
  • startup.log is the initial start-up log for the application. This log is useful for checking that initialization of the app has completed successfully. For example, it shows whether Flask has started without errors.
  • supervisord.log contains the stderr and stdout from the supervisord process

Adding logging to your app

The IBM QRadar Python helper library (qpylib) contains two useful functions that you can use to add logging to your app.

The log() Function

Import the qpylib helper library into your app's views.py to use the log() function. This function writes messages at your chosen log level to the /opt/app-root/store/log/app.log file.

To turn on logging, your app must call qpylib.create_log() as part of its initialisation. Logging is set to INFO level by default, and lower-level messages are ignored. To add the ability to set the log level, add a log_level endpoint similar to the one in the Hello World template sample app.

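from flask import Blueprint, request
from markupsafe import escape
from qpylib import qpylib

# Blueprint for development routes; the /dev prefix matches the curl example below.
devbp = Blueprint('devbp', __name__, url_prefix='/dev')

# This endpoint sets the app's minimum level for qpylib logging.
# Example call using curl:
#   curl -X POST -F "level=DEBUG" http://localhost:<port>/dev/log_level
@devbp.route('/log_level', methods=['POST'])
def log_level():
    # .get() lets a missing form field reach the error message below.
    level = request.form.get('level', '').upper()
    levels = ['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL']

    if level in levels:
        qpylib.set_log_level(level)
        return 'log level set to {0}'.format(level)

    # Escape the echoed value (Flask serves this string as text/html) and
    # return 400 Bad Request; 42 is not a valid HTTP status code.
    return 'level value {0} missing or unsupported. Use one of {1}'.format(escape(level), levels), 400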

Once the log_level endpoint is in place, you can send a POST to the /log_level endpoint to change the log level.

The log() function uses the following format:

def log(message, level='info'):

Example calls:

from qpylib import qpylib

# In precedence order from lowest level to highest
qpylib.log('debug message', level='debug')
qpylib.log('info message', level='info')
qpylib.log('warning message', level='warning')
qpylib.log('error message', level='error')
qpylib.log('critical message', level='critical')

The set_log_level() Function

You can use this function to set the current log level. This function is used by the POST /log_level endpoint but can also be called programmatically.

def set_log_level(log_level='info'):

Setting app log level

Use built-in routes to create HTTP requests that download, view, and set log collection levels.

If you are using qpylib logging and a log_level endpoint like the one in the sample helloworld app, you can create your own targeted web requests to the app for the following route:

Table 1. Request route

| Route | Format | Description |
|---|---|---|
| POST /log_level | POST https://{console_ip}/console/plugins/{application_id}/app_proxy/log_level, form body: level = 'INFO', 'DEBUG', 'ERROR', 'WARNING' or 'CRITICAL' | Dynamically define the level of logging that you want your app to capture. Post a form, with an attribute level that is set to one of the log level values, to this endpoint. QRadar® dynamically resets the log collection level for your /opt/app-root/store/log/app.log file. |
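
The Table 1 request built in Python, as an added example that is not IBM's code: it validates the level locally and URL-encodes the application ID before the request is sent. The function names and the `opener` parameter are hypothetical, and authentication is not described on this page, so it is left to the opener the caller supplies.

```python
"""Build and send the POST /log_level request from Table 1 (added example)."""
import urllib.parse
import urllib.request

# Levels accepted by the log_level endpoint shown on this page.
LEVELS = ('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL')


def build_log_level_request(console_ip, application_id, level):
    """Return a urllib Request for the app_proxy log_level route.

    Raises ValueError on bad input, so a typo fails locally instead of
    reaching the app.
    """
    level = level.strip().upper()
    if level not in LEVELS:
        raise ValueError('unsupported level {0!r}; use one of {1}'.format(level, LEVELS))
    # Reject anything that would change the host or path of the final URL.
    if not console_ip or any(c in console_ip for c in '/?#@ '):
        raise ValueError('console_ip must be a bare host or IP address')
    url = 'https://{0}/console/plugins/{1}/app_proxy/log_level'.format(
        console_ip, urllib.parse.quote(str(application_id), safe=''))
    body = urllib.parse.urlencode({'level': level}).encode('ascii')
    return urllib.request.Request(
        url, data=body, method='POST',
        headers={'Content-Type': 'application/x-www-form-urlencoded'})


def set_remote_log_level(console_ip, application_id, level,
                         opener=urllib.request.urlopen):
    """Send the request and return (status, response text).

    Assumption: the caller's opener adds whatever session or token
    handling the console requires; none is added here.
    """
    req = build_log_level_request(console_ip, application_id, level)
    with opener(req, timeout=10) as resp:
        return resp.status, resp.read().decode('utf-8', 'replace')
```

If your endpoint is registered under a prefix, as with the /dev blueprint in the curl example earlier on this page, adjust the path accordingly.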

Viewing Logs Within the Host Directory

All logs are located in the /opt/app-root/store/log directory of the container.

Document Location

Worldwide


Document Information

Modified date:
30 March 2021

UID

ibm16437533