Q1. What types of logs does the OpsRamp Gateway collect and store in the syslog?

A: The OpsRamp Gateway uses rsyslog, and the syslog contains general operating system and service messages (typically INFO level and above). Some log categories such as authentication, cron, mail, and kernel messages may be written to separate log files based on the system’s logging configuration.

Q2. Where is the syslog stored locally on the gateway?

A: On the OpsRamp Gateway, syslog is stored locally in the standard Linux log directory, /var/log/. The primary syslog file is typically /var/log/syslog, and it is maintained by the gateway’s rsyslog service according to the system logging configuration and retention/rotation policies

Q3. How long are syslog files maintained on the gateway?

A: Syslog retention is managed by Ubuntu logrotate. The primary syslog file is rotated daily, and the gateway retains up to 7 rotated copies. Rotation occurs when logrotate runs (typically once per day) and the syslog file size is 10 MB or greater at that time; rotated logs are compressed to reduce disk usage.

Q4 Are syslog files sent periodically to the OpsRamp cloud?

A: No. Syslog files are not periodically sent from the gateway to the OpsRamp cloud. In the Classic Gateway, certain high-severity syslog messages can be processed locally and used to generate alerts in the OpsRamp portal. This behavior is not enabled in the NextGen Gateway.