bmo get logs -u <username> -p <password>
Pulls all Bare Metal Orchestrator cluster logs for the past 10 days, where <username>
is your OpenSearch username and <password>
is your OpenSearch password. Logs are saved to a bmologs.tar file in the current directory where the command is initiated.
bmo get logs -d <yyyy-mm-dd> -u <username> -p <password>
Pulls all Bare Metal Orchestrator cluster logs from the specified date entered as yyyy-mm-dd up to the present date and time.
bmo get logs -d "<yyyy-mm-dd> <yyyy-mm-dd>" -u <username> -p <password>
Pulls all Bare Metal Orchestrator cluster logs for the specified date range. For example, enter the following to pull logs from May 1 to May 11, 2023 (inclusive.)
bmo get logs -d "2023-05-01 2023-05-11" -u myusername -p mypassword
To pull logs for a specific date, enter the same value for the start date and the end date, for example:
bmo get logs -d "2023-05-11 2023-05-11" -u myusername -p mypassword
bmo get logs -q audit -u <username> -p <password>
bmo get logs -q auditlogs -u <username> -p <password>
Pulls audit logs for the past 10 days, where <username>
is your OpenSearch username and <password>
is your OpenSearch password.
bmo get logs -d <yyyy-mm-dd> -q audit -u <username> -p <password>
Pulls audit logs from the specified date entered as yyyy-mm-dd up to the present date and time.
bmo get logs -d "<yyyy-mm-dd> <yyyy-mm-dd>" -q audit -u <username> -p <password>
Pulls audit logs for the specified date range.
To pull audit logs for a specific date, enter the same value for the start date and the end date, for example:
bmo get logs -d "2023-05-11 2023-05-11" -q audit -u myusername -p mypassword
Argument Definitions
- -d
-
Specifies that a date-range value is expected, where the start date and end date are entered as yyyy-mm-dd. To specify a specific date, enter the same value for the start date and the end date. Searching for logs in the future produces an empty .tar file.
- -p
-
Specifies that a password is expected, where the value entered is the password used to log into OpenSearch. Mandatory.
- -q audit
- -q auditlogs
-
Specifies that audit logs are to be queried. The collected logs are displayed in JSON format.
- -u
-
Specifies that a username is expected, where the value entered is the username for your OpenSearch account. Mandatory.
Requirements and Limitations
- You must have write permissions to run these commands. Contact your Bare Metal Orchestrator administrator.
- Audit logs are not currently presented in audit format. They are presented in log format.
- An active OpenSearch account is required.
- The maximum number of logs collected is 10,000. If your results exceed 10,000 log entries, then multiple JSON files are included in the .tar file. For example: if the pull produces 20,000 hits, then two JSON files with 10,000 log entries each are included in the .tar file.
- Ensure there is enough available space on the target machine for the log file.
- If a .tar file of the same name already exists in the directory where you run the export command, the old .tar file is overwritten by the new file.
Example Output
The following is a sample of an extracted bmologs.json file:
"took": 1401,
"timed_out": false,
"_shards": {
"total": 30,
"successful": 30,
"skipped": 8,
"failed": 0
},
"hits": {
"total": {
"value": 3,
"relation": "gte"
},
"max_score": null,
"hits": [
{
"_index": "mw_logs_site_gc-2023.01.28",
"_id": "Crys9YUBQ8juYCuUncRN",
"_score": null,
"_source": {
"message": "2023-01-26T18:00:02.782087455-06:00 stdout F 10.42.0.85 - - [27/Jan/2023:00:00:02 +0000] \"GET /data/ HTTP/1.1\" 200 14 \"-\" \"curl/7.86.0\"",
"grokfailure": "No grok pattern matched",
"hostname": "fluentd-5674648795-6xsdc",
"site": "gc",
"@timestamp": "2023-01-28T00:00:03.094088472+00:00"
},
"sort": [
1674864003094
]
},
{
"_index": "mw_logs_site_gc-2023.01.28",
"_id": "C7ys9YUBQ8juYCuUncRN",
"_score": null,
"_source": {
"message": "2023-01-27T18:00:02.896474559-06:00 stdout F 10.42.0.89 - - [28/Jan/2023:00:00:02 +0000] \"GET / HTTP/1.1\" 200 95 \"-\" \"curl/7.86.0\"",
"grokfailure": "No grok pattern matched",
"hostname": "fluentd-5674648795-6xsdc",
"site": "gc",
"@timestamp": "2023-01-28T00:00:03.094117464+00:00"
},
"sort": [
1674864003094
]
},
{
"_index": "mw_logs_site_gc-2023.01.28",
"_id": "DLys9YUBQ8juYCuUncRN",
"_score": null,
"_source": {
"message": "2023-01-27T18:00:02.842844878-06:00 stdout F 2023-01-28 00:00:02,839 INFO Preparing Action ID: 1, \"delete_indices\"",
"grokfailure": "No grok pattern matched",
"hostname": "fluentd-5674648795-6xsdc",
"site": "gc",
"@timestamp": "2023-01-28T00:00:03.098322139+00:00"
},
"sort": [
1674864003098
]
}
]
}
The following is a sample entry in the extracted auditlogs.json file. They are currently presented in log format.
"took": 4,
"timed_out": false,
"_shards": {
"total": 4,
"successful": 4,
"skipped": 2,
"failed": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": null,
"hits": [
{
"_index": "mw_audit_logs_site_gc-2023.01.30",
"_id": "FIxqBIYBSdBsaz0eMgGp",
"_score": null,
"_source": {
"timestamp": "2023-01-30T14:35:07.441849714-06:00",
"stdout": "stdout",
"F": "F",
"timestampmw": "2023-01-30T20:35:07Z ",
"log_level": "AUDIT",
"file_name": "workspace/cmd/api-svc/handlers/v1/sites/sites.go:40 ",
"message": "Executing list of sites request ",
"component": "mw-api-svc ",
"goroutineID": "162 ",
"operation": "ListSites ",
"payload": "\"{\\\"resourceName\\\":\\\"*\\\",\\\"resourceType\\\":\\\"Site\\\"}\" ",
"tenant": "metalweaver ",
"user": "admin ",
"uuid": "0f569557-3b3f-4255-bb93-be5b8a860737",
"grok_name": "grok_pattern",
"hostname": "fluentd-5674648795-6xsdc",
"site": "gc",
"@timestamp": "2023-01-30T20:41:53.983837901+00:00"
},
"sort": [
1675111313983
]
},
{
"_index": "mw_audit_logs_site_gc-2023.02.01",
"_id": "sPfiDoYBaAFlanpV2-fC",
"_score": null,
"_source": {
"timestamp": "2023-02-01T15:29:53.241228562-06:00",
"stdout": "stdout",
"F": "F",
"timestampmw": "2023-02-01T21:29:53Z ",
"log_level": "AUDIT",
"file_name": "workspace/cmd/api-svc/handlers/v1/servers/servers.go:65 ",
"message": "Executing List of servers request ",
"component": "mw-api-svc ",
"goroutineID": "952 ",
"operation": "ListServers ",
"payload": "\"{\\\"resourceName\\\":\\\"*\\\",\\\"resourceType\\\":\\\"Server\\\"}\" ",
"tenant": "metalweaver ",
"user": "admin ",
"uuid": "7d8b88c4-441d-a4bf-d9573bfee4ae",
"grok_name": "grok_pattern",
"hostname": "fluentd-5674648795-6xsdc",
"site": "gc",
"@timestamp": "2023-02-01T21:29:53.730637775+00:00"
},
"sort": [
1675286993730
]
}
]
}