Logging in Coreflux
Introduction
In the digital age, logging is more than just keeping a record; it's about understanding the behavior, security, and performance of your system. Coreflux's logging capabilities offer businesses, both big and small, a window into their IoT ecosystem.
Benefits
- For Large Enterprises: Large enterprises often deal with a myriad of devices, connections, and data flows. Coreflux's logging allows them to:
- Detect unauthorized access attempts, ensuring security at scale.
- Monitor assets' health, ensuring timely maintenance and reducing downtimes.
-
Audit system usage, ensuring compliance with internal policies and external regulations.
-
For Small Businesses: Small businesses might not have the extensive infrastructure of larger companies, but they equally benefit from Coreflux's logging:
- Understand client behaviors, helping in refining user experiences.
- Quickly detect and rectify issues, ensuring smooth operations with limited resources.
- Ensure security without a dedicated team, as Coreflux logs unauthorized access attempts and other potential threats.
What Can You Check?
- Authentication Logs: Identify clients that failed to authenticate, helping in detecting potential breach attempts.
- Asset Health: Monitor assets that went down unexpectedly, ensuring timely intervention.
- Subscription Logs: Detect topics that were subscribed to but not allowed by authentication, ensuring data integrity and security.
- Connection Logs: Monitor connections opened across different OS like Windows, Linux, and Mac, ensuring system-wide security.
- Container Status: Keep an eye on the status of Docker containers, ensuring smooth operations.
- Flux Asset Logs: Monitor logs from Docker containers and flux assets, ensuring the health of your IoT ecosystem.
Trace Logging
Coreflux provides powerful trace logging capabilities that allow you to capture specific log events based on criteria you define. This is especially useful for troubleshooting, debugging, and monitoring specific behaviors in your system.
Trace Logging Commands
You can manage trace logging using the following commands published to $SYS/Coreflux/Command:
| Command | Description | Format | Example |
|---|---|---|---|
-add-trace-log |
Creates a trace point to capture specific logs | -add-trace-log level=<Level>,expires=<Seconds>,messageContains=<Text> |
-add-trace-log level=Debug,expires=3600,messageContains=asset123 |
-list-trace-logs |
Lists all active trace points | -list-trace-logs |
-list-trace-logs |
-remove-trace-log |
Removes a specific trace point by topic | -remove-trace-log <TopicName> |
-remove-trace-log $SYS/Coreflux/Log/Traces/asset123 |
-remove-all-trace-logs |
Removes all active trace points | -remove-all-trace-logs |
-remove-all-trace-logs |
How Trace Logging Works
- Create Trace Points: Define what type of logs you want to capture based on level, content, and other criteria
- Automatic Capture: When logs matching your criteria occur, they are automatically published to the trace topic
- Monitor Results: Subscribe to the trace topics to see the captured logs in real-time
- Cleanup: Remove trace points when no longer needed (they also expire automatically after the specified time)
Common Use Cases
Monitoring Specific Assets
To monitor logs related to a specific asset, you need to know the asset's GUID (a unique identifier automatically assigned when the asset is installed):
This will capture all Information-level logs containing the asset's GUID for the next 2 hours. Each asset in Coreflux has a unique GUID that appears in its log messages, making it easy to filter logs for a specific asset.
You can find an asset's GUID by:
- Looking at the installation confirmation message
- Checking the asset list in the Coreflux UI
- Using the -list command with the Coreflux CLI tool
Troubleshooting Connection Issues
To capture error logs related to connections:
Monitoring Authentication Failures
To monitor authentication failures:
Viewing Trace Logs
Trace logs are published to MQTT topics with the prefix $SYS/Coreflux/Log/Traces/. You can subscribe to these topics using any MQTT client to view the captured logs in real-time.
Managing Trace Points
- List Active Trace Points: Use
-list-trace-logsto see all active trace points - Remove a Specific Trace Point: Use
-remove-trace-log <TopicName>to remove a specific trace point - Remove All Trace Points: Use
-remove-all-trace-logsto clear all trace points
Best Practices
- Set appropriate expiration times to prevent accumulating too many trace points
- Be specific with your message filters to reduce noise
- Remove trace points when they're no longer needed
- Use different log levels (Debug, Information, Warning, Error) to capture the appropriate level of detail
Next Steps
Now that you understand Coreflux's logging capabilities, you might want to explore:
- Communication Monitoring - Learn how Coreflux monitors network communications to enhance security
- Resource Management - Discover how Coreflux manages system resources for optimal performance
- LOT Actions - Implement automated responses to logging events using the Language of Things
- Managing Connectors - Learn more about managing the assets that Coreflux monitors
- Monitoring Specific Assets - Understand how to filter logs for specific assets (connectors).
- Removing Log Traces - Learn how to remove existing log trace points.
Related Documentation
- Coreflux MQTT Broker Commands - Explore the commands available for interacting with the Coreflux MQTT broker.
- Managing Connectors - For more information about managing connectors
- Coreflux System Topics - Understand the system topics used by Coreflux for various functionalities.