How to configure icinga2 apilistener logger

Question

icinga2 on ubuntu 16.04 logs every single api call to /var/log/syslog.

I`m attempting to run icinga2 on xenial (ubuntu 16.04.1). I get a log of api related statements in my syslog. I have some automated integration running every 3 seconds, producing 10+ lines per run.

Dec 16 15:02:43 dev-srv-01 icinga2[763]: [2016-12-16 15:02:41 -0500] information/HttpServerConnection: Request: GET /v1/objects/hosts/xxx?attrs[]=address&attrs[]=vars (root)
Dec 16 15:02:43 dev-srv-01 icinga2[763]: [2016-12-16 15:02:42 -0500] information/ApiListener: New client connection (no client certificate)

Indeed icinga logs actions (apilistener.cpp:403)

Log(LogInformation, "ApiListener") << "New client connection " << conninfo << " (no client certificate)";

How to I configure this log so it is less verbose? I couldn't quite figure it out from the documentation.

This is my configuration so far:

Disabled features: gelf graphite icingastatus mainlog opentsdb perfdata statusdata syslog
Enabled features: api checker command compatlog debuglog ido-mysql livestatus notification

I also create this file: /etc/icinga2/conf.d/api-users.conf

object ApiUser "root" {
     password = "x.x"
     permissions = [ "objects/*/Host" ]
}

systemd service:

[Unit]
Description=Icinga host/service/network monitoring system
After=postgresql.service mariadb.service carbon-cache.service mysql.service yslog.target

[Service]
Type=simple
ExecStartPre=/usr/lib/icinga2/prepare-dirs /usr/lib/icinga2/icinga2
ExecStart=/usr/sbin/icinga2 daemon -e /var/log/icinga2/error.log
ExecReload=/usr/lib/icinga2/safe-reload /usr/lib/icinga2/icinga2
PIDFile=/run/icinga2/icinga2.pid

[Install]
WantedBy=multi-user.target

The only way to prevent the log statements is to disable feature api, which of course isn't desirable.

I attempted configuring syslog, filelogger, in a .conf file to no avail. Disabling features debuglog, mainlog, also result in spam.

Thank you!

score 1 · Answer 1 · answered Dec 16 '16 at 20:32

1

It looks like that is an "Information"-level log entry. To remove it you'll need to change your logging to a higher level. In

/etc/icinga2/features-enabled/mainlog.conf

I have

object FileLogger "main-log" {
  severity = "information"
  path = LocalStateDir + "/log/icinga2/icinga2.log"
}

According to the docs the next step up from "information" would be "warning".

It looks like the same setting should be available for the SyslogLogger which should be the logger you're using.

answered Dec 16 '16 at 20:32

DerfK

19,313
2
35
51

works flawlessly for mainlog. apilistener statements do not make it to icinga2.log anymore. However the "syslog.conf" feature, configured for severity warning, still lets "information" apilistener statements through. – louisgab Dec 16 '16 at 20:51

score 0 · Answer 2 · answered Dec 16 '16 at 20:59

0

Turns out it could be a systemd thing.

ExecStart=/usr/sbin/icinga2 daemon -e /var/log/icinga2/error.log --log-level warning

fixes the issue in a brute-force way.

This is not quite what I was looking for, but I can live with it.

answered Dec 16 '16 at 20:59

louisgab

131
1
7

score 0 · Answer 3 · answered Sep 29 '18 at 12:48

What you're seeing isn't actually the output of the SyslogLogger feature of Icinga2, but the standard output of the icinga2 process, hence the duplicate timestamp. The documentation says:

When running Icinga 2 on a terminal log messages with severity information or higher are written to the console.

This can be avoided by telling systemd to redirect stdout to /dev/null:

# cat /etc/systemd/system/icinga2.service.d/stdout.conf
[Service]                                      
StandardOutput=null

How to configure icinga2 apilistener logger

3 Answers3