Logs to collect when opening a support case

This document (000020935) is provided subject to the disclaimer at the end of this document.

Situation

In general, the NeuVector support-bundle will provide version, platform, and cluster along with much of the policy and events from the NeuVector deployment.  If possible, always include the support-bundle when opening a new support ticket.

Resolution

Here's a list of the most common logs requested for troubleshooting use and steps on how to gather them.

  • Support-bundle (in all cases, this support bundle is very helpful as it provides product version, deployment platform, the cluster, and other relevant details)
  • Controller Pod logs (needed from all controllers with debug enabled and should only provide when requested)
  • Enforcer Pod logs (most likely in debug logging mode and should only provide when requested)
  • Manager Pod log (should only provide when requested)
  • Browser HAR capture of Client/Server interactions (should only provide when requested)

Support log

Support-bundle is gathered from the WebUI/Console under Settings > Configuration > Support.

support-bundle.png(Optional) If instructed by Support to collect details enforcer information, select the checkboxes next to each enforcer.  Only up to 10 can be selected.
enforcer.png
Click on the "Collect support bundle" button.
Screen Shot 2023-01-17 at 4.14.32 PM.png
Click on the "Download" button when it is ready.
Screen Shot 2023-01-17 at 4.21.04 PM.png
 

NOTE: Large clusters may take longer to collect the Support log.

Controller pod logs

The following shell command will save each NeuVector Controller pod log to the current path.  

for i in `kubectl get pods -n neuvector | grep controller | awk '{print $1}'`;do kubectl logs $i -n neuvector > $i.log; done

In most cases, our support engineers will request cpath debug controller pod logs.  To enable debug logging on the controllers, either you can exec into the NeuVector Manager pod to execute the cli command to enable or if you are running version 4.3.0+ you can enable cpath debug logging through the WebUI > Settings > Configuration > Support > Enable controller control path debug.  It is recommended to disable debug logging afterward.  Below are steps to enable/disable cpath debug logging.

To enable debug logging on the controllers

#  kubectl -n neuvector exec -it neuvector-manager-pod-name -- cli
# #neuvector-svc-controller.neuvector> login
#admin#neuvector-svc-controller.neuvector> set system controller_debug -c cpath

 

To disable debug logging on the controllers

# admin#neuvector-svc-controller.neuvector> set system controller_debug
# admin#neuvector-svc-controller.neuvector> logout
# #neuvector-svc-controller.neuvector> exit

 

OR

Check the box from WebUI > Settings > Configuration > Support > Enable controller control path debug

cpath.png

Enforcer pod logs

In some cases, our support engineers may request debug logging from the enforcers.  There are multiple debug levels:-c monitor -c cpath -c conn -c policy.  Only pass in the debug level requested as they are verbose and can cause log rotation quickly.  To enable debug logging on the enforcer, you must exec into the NeuVector Manager pod to execute the cli command and login. 

To enable debug logging on the enforcer

#  kubectl -n neuvector exec -it neuvector-manager-pod-name -- cli
# #neuvector-svc-controller.neuvector> login
# admin#neuvector-svc-controller.neuvector> show enforcer
# admin#neuvector-svc-controller.neuvector> set enforcer <enforcer_id> debug -c cpath
#* Repeat above step for each enforcer_id if needed
#* Debug logging is verbose, best to trigger test and turn off.

To disable debug logging on the enforcer

# admin#neuvector-svc-controller.neuvector> set enforcer  <enforcer_id> debug
#* Repeat above step for each enforcer_id
# admin#neuvector-svc-controller.neuvector> logout
# #neuvector-svc-controller.neuvector> exit

Manager Pod log / Browser HAR capture

When troubleshooting WebUI/Console issues, the NeuVector Manager pod log along with the browser HAR capture is useful.  The Manager pod log can be obtained with `kubectl logs neuvector-manager-pod-name -n neuvector`.  Below is a walkthrough on how to save the browser HAR capture from Chrome. 

From Settings > More Tools > Developer Tools. 

devtools.png

Select Network, check Preserve log and Disable cache.  Perform the navigation to recreate the error condition.  Right-mouse click into one of the network activity and select Save all as HAR with content.

savhar.png


 

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020935
  • Creation Date: 18-Jan-2023
  • Modified Date:18-Jan-2023
    • SUSE NeuVector

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center