Client Side Logging

Enabling client-side logging lets Admins proactively monitor the usage of certain commands.

You can use RabbitMQ for client-side logging using NC user commands. To enable RabbitMQ, complete the following steps.

  1. Install RabbitMQ server per the instructions found at https://www.rabbitmq.com/download.html. The server does not have to be the same as that of the NC server. RabbitMQ requires Erlang to be installed.
  2. Accelerator defaults to using RabbitMQ's guest user. By default, this user cannot connect to a remote RabbitMQ server. To enable, add "loopback_users = none" to the /etc/rabbitmq/rabbitmq.conf file, then restart the RabbitMQ server.
    1. If a non-guest user is desired, such as the user "rmquser" shown in the examples below, add the following environment variable definition to the $VOVDIR/local/vncConfig/queuename.tcl file: 
      setenv VOV_CLIENT_LOG_USER rmquser
    2. Generate a RabbitMQ password for the user using: 
      vovsh -x "puts [vtk_client_log_genkey]"
      A password will be printed that can be used with the rabbitmqctl utility to set the password for rmquser. In addition, the definition for the VOV_CLIENT_LOG_KEY environment variable that should be added to the $VOVDIR/local/vncConfig/queuename.tcl file will be printed.
  3. Client settings for the environment variables required to enable logging include:
    • VOV_CLIENT_LOG must be set to 1
    • VOV_CLIENT_LOG_USER <guest>
    • VOV_CLIENT_LOG_KEY <key>
    • VOV_CLIENT_LOG_HOST host name: Must be set to the host on which the RabbitMQ server is running
    • VOV_CLIENT_LOG_PORT 5671: For TLS only
    • VOV_CLIENT_LOG_PORT 5672: For non-TLS only
    • VOV_CLIENT_LOG_TLS <0|1>: Set to 1 for TLS. Set to 0 or leave unset otherwise.

    These can be set in the $VOVDIR/local/vncConfig/queuename.tcl file.

    The client messages will be published to the RabbitMQ server.
    Note: A message consumer will need to be created to do something with these messages, such as write them to a log file, or store them in a database. A consumer reference design has been included to demonstrate the effectiveness of the solution. The reference design is in the form of a Tcl daemon (vovclientlogd) that captures the messages in a daily-rotated log file, stored under $SWD/logs/clients.
  4. To start vovclientlogd, use the start_vovclientlogd.tcl script found in $VOVDIR/etc/autostart.
    For instance, run:
    vovsh -f $VOVDIR/etc/autostart/start_vovclientlogd.tcl

    This script can be called manually on any host in a shell that has been enabled to communicate with the NC server, or it can be copied into the $SWD/autostart directory to run the daemon automatically on the NC server host at queue start time. If being copied into this directory for a live queue, the daemon can be started manually via the vovautostart command.

Notice:
  • Instances of vovselect calls, and nc and wx user commands will result in a message being published to RabbitMQ. The message will contain the user, host, pid, ppid, NC queue name, time, command elapsed time (in ms), and the command itself.
  • Publisher operations are silent, even upon error, so that output formats remain unchanged for the nc and wx user commands.
  • The vovclientlogd daemon will exit if the RabbitMQ server is stopped or restarted.