Table of Contents
1. Purpose
1.1 Verify VAN remote collector config
1.2 Verify VAN remote collector status
1.3 Verify logs are received on the VAN
1.4 Troubleshooting if session is established but customers are not receiving syslog
1 Purpose
The Versa Log Collector and Exporter process is responsible for receiving logs from Versa FlexVNF devices, storing them locally, and streaming them to third-party collectors using a remote collector configuration. This guide provides troubleshooting steps for issues related to configuring and verifying remote collectors.
1.1 Verify VAN remote collector configuration
To stream logs to third-party collectors, configure the remote collectors on each of the Versa Analytics Nodes. The remote collector can be reached through TCP or UDP transport. The collector group can be configured with one or more collectors to support high availability. If the active collector goes down, the next collector in the collector group is used automatically. The destination address in the collector config should be the destination IP address of the remote system, and the source should be the local analytics IP. Below is the sample configuration from Analytics.
The "format" should be set to KVP when sending logs to third-party remote collectors, as most third-party remote collectors will not be able to parse syslogs sent in CSV format (the default). Please ensure that the format is set to KVP as shown below.
The logs received by the local collector are streamed to the remote collector based on the rules. Ensure that the match criteria are unique within the same local collector. If you configure overlapping match criteria, the rule that matches first is used, and the other rule is ignored.
1.2 Verify VAN remote collector status
Verify that the remote collector status is established. If it is not established, check for connectivity between the Node and the remote collector.
1.3 Verify logs are received on the VAN
To check whether Analytics is receiving the latest logs sent by the Appliance, switch to the root user in the shell, go to the directory "/var/tmp/log/<org-name>/backup", and check whether logs are being received.
We can also verify this through the Versa Analytics GUI, which confirms Analytics has processed the received logs.
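The shell check of "/var/tmp/log/<org-name>/backup" described above can be scripted so that stale reception is reported explicitly. This is an added example, not part of the original Versa guide; the function names, the 5-minute default window and the use of find -mmin (GNU find, as on a Linux node) are assumptions, and it needs the same root access as the manual check.

```shell
#!/bin/sh
# Added example (not Versa code): report whether log files are still
# arriving in a backup directory.
# Usage: sh check_backup.sh /var/tmp/log/<org-name>/backup [minutes]

# recent_log_count DIR [MINUTES]
# Prints how many regular files under DIR were modified within the last
# MINUTES (default 5). Returns 2 if DIR is missing or unreadable.
recent_log_count() {
    dir=$1
    mins=${2:-5}
    [ -d "$dir" ] && [ -r "$dir" ] || return 2
    find "$dir" -type f -mmin "-$mins" 2>/dev/null | wc -l | tr -d ' '
}

# check_backup DIR [MINUTES]
# Returns 0 when recent files exist, 1 when the directory is stale,
# 2 when the directory cannot be read.
check_backup() {
    dir=$1
    mins=${2:-5}
    count=$(recent_log_count "$dir" "$mins") || {
        echo "ERROR: cannot read $dir (not root, or wrong org name?)"
        return 2
    }
    if [ "$count" -gt 0 ]; then
        echo "OK: $count file(s) modified in the last $mins minute(s) in $dir"
        return 0
    fi
    # Nothing recent: show the newest entry so the gap can be dated.
    newest=$(ls -t "$dir" 2>/dev/null | head -n 1)
    echo "STALE: nothing modified in the last $mins minute(s) in $dir; newest entry: ${newest:-none}"
    return 1
}

# Run the check only when a directory argument is supplied.
if [ "$#" -ge 1 ]; then
    check_backup "$@"
fi
```

A STALE result means the node itself is not receiving logs from the Appliance, so the problem lies upstream of the remote collector rather than in the remote collector configuration.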
1.4 Perform a tcpdump to see if the logs are being transmitted
We can further perform a tcpdump on the Analytics Node using the remote IP:
[versa@van-analytics-01: ~] $ sudo tcpdump -i eth1 host 192.168.10.2 -w test.pcap