Logs to collect when opening a NeuVector support case
This document (000020935) is provided subject to the disclaimer at the end of this document.
Situation
In general, the NeuVector support-bundle will provide version, platform, and cluster along with much of the policy and events from the NeuVector deployment. If possible, always include the support-bundle when opening a new support ticket.
Resolution
Here's a list of the most common logs requested for troubleshooting use and steps on how to gather them.
- Support-bundle (helpful in all cases, as it provides the product version, deployment platform, cluster, and other relevant details)
- Controller Pod logs (needed from all controllers with debug enabled; provide only when requested)
- Enforcer Pod logs (most likely in debug logging mode; provide only when requested)
- Manager Pod log (provide only when requested)
- Browser HAR capture of Client/Server interactions (provide only when requested)
Support log
- Support-bundle is gathered from the WebUI/Console under Settings > Configuration > Support.
- (Optional) If Support instructs to collect detailed enforcer information, select the checkboxes next to each enforcer. Only up to 10 can be selected.
- Click on the "Collect support bundle" button.
- Click on the "Download" button when it is ready.
NOTE: Large clusters may take longer to collect the Support log.
Controller pod logs
The following shell command will save each NeuVector Controller pod log to the current path.
    for i in $(kubectl get pods -n neuvector | grep controller | awk '{print $1}'); do kubectl logs "$i" -n neuvector > "$i.log"; done

In most cases, our support engineers will request control path (cpath) debug logs from the controller pods. To enable debug logging on the controllers, either exec into the NeuVector Manager pod and run the cli command, or, if you are running version 4.3.0+, enable it through the WebUI > Settings > Configuration > Support > Enable controller control path debug. It is recommended to disable debug logging afterward. Below are the steps to enable and disable cpath debug logging.
To enable debug logging on the controllers
    # kubectl -n neuvector exec -it neuvector-manager-pod-name -- cli
    # #neuvector-svc-controller.neuvector> login
    # admin#neuvector-svc-controller.neuvector> set system controller_debug -c cpath
To disable debug logging on the controllers
    # admin#neuvector-svc-controller.neuvector> set system controller_debug
    # admin#neuvector-svc-controller.neuvector> logout
    # #neuvector-svc-controller.neuvector> exit
OR
Use the checkbox at WebUI > Settings > Configuration > Support > Enable controller control path debug.
Enforcer pod logs
In some cases, our support engineers may request debug logging from the enforcers. There are multiple debug levels: `-c monitor`, `-c cpath`, `-c conn`, `-c policy`. Pass in only the debug level requested, as they are verbose and can cause log rotation quickly. To enable debug logging on the enforcer, you must exec into the NeuVector Manager pod, run the cli command, and log in.
To enable debug logging on the enforcer
    # kubectl -n neuvector exec -it neuvector-manager-pod-name -- cli
    # #neuvector-svc-controller.neuvector> login
    # admin#neuvector-svc-controller.neuvector> show enforcer
    # admin#neuvector-svc-controller.neuvector> set enforcer <enforcer_id> debug -c cpath
    #* Repeat above step for each enforcer_id if needed
    #* Debug logging is verbose, best to trigger test and turn off.
To disable debug logging on the enforcer
    # admin#neuvector-svc-controller.neuvector> set enforcer <enforcer_id> debug
    #* Repeat above step for each enforcer_id
    # admin#neuvector-svc-controller.neuvector> logout
    # #neuvector-svc-controller.neuvector> exit
Manager Pod log / Browser HAR capture
When troubleshooting WebUI/Console issues, the NeuVector Manager pod log, along with the browser HAR capture, is useful. The Manager pod log can be obtained with `kubectl logs neuvector-manager-pod-name -n neuvector`. Below is a walkthrough on how to save the browser HAR capture from Chrome.
Open Developer Tools from Settings > More Tools > Developer Tools.
Select Network, then check Preserve log and Disable cache. Perform the navigation to recreate the error condition. Right-click one of the network activities and select Save all as HAR with content.
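A HAR saved "with content" records request and response headers, cookies and bodies, so credentials sent during the captured session are in the file. The following is an added example, not part of the original article, that redacts those values from a parsed HAR before it is attached to a case; the header names in the two sets are assumptions.

```python
import copy

# Assumed header names that carry credentials; extend the sets for your deployment.
TOKEN_HEADERS = {"authorization", "token", "x-auth-token"}
COOKIE_HEADERS = {"cookie", "set-cookie"}
REDACTED = "REDACTED"


def _scrub(pairs, secrets=None, only=None):
    """Redact values in a HAR name/value list; record them in `secrets` if given."""
    for pair in pairs or []:
        if only is None or pair.get("name", "").lower() in only:
            if secrets is not None:
                # Keep each part of "Bearer <token>" that is long enough to be a secret.
                secrets.update(p for p in str(pair.get("value", "")).split() if len(p) >= 8)
            pair["value"] = REDACTED


def _sweep(node, secrets):
    """Replace recorded secrets inside every string value of the HAR tree."""
    if isinstance(node, dict):
        return {key: _sweep(value, secrets) for key, value in node.items()}
    if isinstance(node, list):
        return [_sweep(value, secrets) for value in node]
    if isinstance(node, str):
        for secret in secrets:
            node = node.replace(secret, REDACTED)
    return node


def sanitize_har(har):
    """Return a copy of a parsed HAR with credentials removed; status and timings stay."""
    har, secrets = copy.deepcopy(har), set()
    for entry in har.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        for side in (request, entry.get("response", {})):
            _scrub(side.get("headers"), secrets, only=TOKEN_HEADERS)
            _scrub(side.get("headers"), only=COOKIE_HEADERS)
            _scrub(side.get("cookies"), secrets)
        post = request.get("postData")
        if post:  # request bodies include the login form, so drop them entirely
            post["text"] = REDACTED
            _scrub(post.get("params"))
    # The same token often reappears in response bodies and query strings.
    return _sweep(har, sorted(secrets, key=len, reverse=True))
```

Load the capture with `json.load`, pass it to `sanitize_har`, and write the result with `json.dump`. Response bodies stored base64-encoded are not decoded by this sweep and need a separate review.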
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000020935
- Creation Date: 18-Jan-2023
- Modified Date: 21-Sep-2023
- SUSE NeuVector
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com