JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction

The JS7 offers the Log Management Service compliant to RFC5424, aka Syslog protocol.

...

- Log Management is offered with JOC Cockpit for monitoring of log output and dispatch of notifications created by Controller, Agent & JOC Cockpit instances.

The Log Notification

...

Service is available from the active JOC Cockpit instance within the scope

...

of JS7 - Services.

  • Service
    • The service is used to collect warnings and errors from log output of Controller & Agent instances and to create JS7 - Notifications. JOC Cockpit notifications are created directly and without use of the service.
    • The service is compliant to RFC5424, aka Syslog Protocol.
    • The Log Management Service offers high availabilityservice offers restart capabilities: in case of fail-over or switch-over of JOC Cockpit the Log Management Notification Service will become available from the active JOC Cockpit instance.
  • Clients
    • All The JS7 products, JOC Cockpit, Controller and Agents that act as a client Controller & Agent instances act as clients to the Log Management Notification Service, . The products can be configured to report warnings and errors from log output to the JS7 Log Management Service.Log output of JS7 products is always written to local log files. In addition, log output can be forwarded to the Log Management ServiceNotification Service, for details see JS7 - Log Configuration for use with System Notifications.
    • Users have a choice to enable forwarding of log output per instance of a JS7 product Controller & Agent during installation and or later on by adjusting the Log4j2 configuration. 
  • User Interface
    • The

...

...

Display feature availability
StartingFromRelease2.7.2

...

Configuration

...

By default the Log4j configuration of JS7 products will not make use of the Log Management Service. Instead, users choose for which instances of JS7 products they want send log output to the Log Management Service.

Controller Log4j2 Configuration

The following Log4j2 configuration is available from the log4j2.xml-example file available available with a Controller's data directory:

Code Block
languagexml
titleExample for Controller log4j.xml Configuration
linenumberstrue
collapsetrue
<Appenders>
    <Syslog name="RFC5424" format="RFC5424" host="localhost" port="4514"
            protocol="UDP" charset="UTF-8" facility="LOCAL0" newLine="false">
        <PatternLayout pattern="<134>1 %d{ISO8601}{ETC/UTC}Z ${hostName} JS7 Controller {
"host":"${hostName}",
"controllerId":"${ControllerId}",
"thread":"%t",
"level":"%p",
"logger":"%c{1}",
"message":"%enc{%m}{JSON}",
"thrown":"%enc{%throwable{10}}{JSON}"
}"
        />
    </Syslog>
</Appenders>

Explanations:

  • tbd

Agent Log4j2 Configuration

The following Log4j2 configuration is available from the log4j2.xml-example file available available with a Controller's data directory:

Code Block
languagexml
titleExample for Agent log4j.xml Configuration
linenumberstrue
collapsetrue
<Appenders>
    <Syslog name="RFC5424" format="RFC5424" host="localhost" port="4514"
            protocol="UDP" charset="UTF-8" facility="LOCAL0" newLine="false">
        <PatternLayout pattern="<134>1 %d{ISO8601}{ETC/UTC}Z ${hostName} JS7 Controller {
"host":"${hostName}",
"controllerId":"${ControllerId}",
"agentId":"...",
"level":"%p",
"logger":"%c{1}",
"message":"%enc{%m}{JSON}",
"thrown":"%enc{%throwable{10}}{JSON}"
}"
        />
    </Syslog>
</Appenders>

Explanations:

  • tbd

JOC Cockpit Log4j2 Configuration

The following Log4j2 configuration is available from the log4j2.xml-example file available available with a Controller's data directory:

Code Block
languagexml
titleExample for Agent log4j.xml Configuration
linenumberstrue
collapsetrue
<Appenders>
    <Syslog name="RFC5424" format="RFC5424" host="localhost" port="4514"
            protocol="UDP" charset="UTF-8" facility="LOCAL0" newLine="false">
        <PatternLayout pattern="<134>1 %d{ISO8601}{ETC/UTC}Z ${hostName} JS7 Controller {
"host":"${hostName}",
"controllerId":"${ControllerId}",
"agentId":"...",
"level":"%p",
"logger":"%c{1}",
"message":"%enc{%m}{JSON}",
"thrown":"%enc{%throwable{10}}{JSON}"
}"
        />
    </Syslog>
</Appenders>

Explanations:

  • tbd

Delimitation

The JS7 Log Management Service is offered for convenience purposes as it allows to access log files of JS7 products from JOC Cockpit as a central point of view.

Items

The Log Notification Service is configured with the JS7 - Settingspage.

SectionSettingDefault ValueRequiredPurpose
lognotificationlog_server_active falseno

Specifies that the Log Notification Service is started with JOC Cockpit.


log_server_port

4245noSpecifies the UDP port to which the Log Notification Service will listen.

log_server_max_messages_per_second

1000no

Specifies the max. number of messages per second that the Log Notification Service will process.

Delimitation

Due to limitations of the underlying Syslog Protocol the JS7 Log Notification Service does not meet elaborated Due to limitations of the underlying Syslogd Protocol the JS7 Log Management Service does not meet all requirements for security, resiĺience and high availability.

The Log Management Notification Service is offered for convenience . The purposes, the authoritative source of log output remains with log files created by the JS7 products.

Security

The Syslogd Syslog Protocoll does not specify cover authentication of Clients:

  • This translates to the fact that log Log messages can be faked by malicious 3rd-party components as the JS7 Log Management Notification Service cannot authenticate and reliably identify the source of log output.
  • Users are warned in case that they take action based on messages arriving with the JS7 Log Management Notification Service: severe messages that suggest immediate action should be verified from the JS7 product's log files.

The Syslogd Syslog Protocol is exposed to denial-of-service attacks:

  • Flooding of messages is a possible scenario for attacks that which is not covered by the Syslogd Syslog Protocol.
  • The JS7 Log Management Notification Service will try to identify such scenarios and will shut down. The behavior is intended to keep the JOC Cockpit that operates the Log Management Service free from DNS attackslimit processing of messages.

Resilience

The Log Management Notification Service accepts messages sent via the UDP protocol only.

  • TCP connections are out of scope due to their blocking nature.
  • UDP messages can arrive in an sequenceare accepted if they do not exceed 4000 characters.

The Log Management Notification Service performs input sanitazationsanitization.

  • This includes that any log messages that include for example HTML tags, will be dropped.
  • Messages sent to the JS7 Log Management Notification Service have to must be compliant to the above Log4j configuration and otherwise will be dropped.
  • Messages carrying unacceptable input will be dropped.

High Availability

The JS7 Log Management Service is subject to clustering of Notification Service offers restart capabilities when operated from a JOC Cockpit cluster:

  • This allows the service to switch from a current JOC Cockpit instance to the next active JOC Cockpit instance.
  • Switching to a different host operating the then active JOC Cockpit instance includes that the hostname of the Log Management Notification Service will change,. Users are encouraged to

If no JOC Cockpit instance is active, then no log messages can be picked up:

  • In a situation when no JOC Cockpit instance is active UDP messages will be lost.
  • Periods Short periods of unavailability of JOC Cockpit can occur in case of fail-over and switch-over that take up to approx. 30s but can be prolonged if a larger number of orders is present.

...