Skip to content
Automation-cli[20.0.40]

Logs with automation-cli

Logs are an important part of operations. They enable us to understand the execution process.

Traces of operations (system audit)

All operations carried out on servers leave a trace of their passage in system logs.

The “logger” command is used in this process:

  • tag (-t) : “automation-cli”
  • priority level (-p) : “local6.debug”

The trace includes the login of the user who performed the operation, and depending on the type of operation:

  • “command”: ‘The complete command’.
  • “operation“ : ‘The value of the ’OPS” environment variable and the name of the operation.
  • “operationBook“ : ‘The value of the ’OPS” environment variable and the name of the operationBook.

To retrieve the list of operations performed with automation-cli, on the server, run :

Fenêtre de terminal
journalctl -t 'automation-cli'

Example of a trace :

Jan 01 15:35:15 infra automation-cli[1107688]: [root] operation : /var/lib/automation-cli => operation: health/callHealthChecksService

Log type

Standard

Each execution of the automation-cli run command generates a log, which contains :

  • The complete shell with numbered lines for easier debugging.
  • All standard and error output (stdOut/stdErr).
  • And all service messages.

This file may contain secrets.

Debug

If you switch to [debug] mode (/en/supplements#debug-debug), all debugging information can be found in the “automation-cli-debug.log” file. This file contains a lot of information, so may contain secrets..

Common

The “automation-cli-common.log” file is used when a piece of information doesn’t specifically concern a host, e.g. when VPN connections are started. As the information is controlled by “automation-cli”, it contains no secrets.

Log localization

Logs are created in the “automation-cli.logs” directory of your home directory, even those executed by prefixing the “automation-cli” command with “sudo”.

Log contents

The logs contain all “automation-cli” service messages, as well as “standard” and “error” output from the executed shell. As a result, secrets may appear in these files. It is up to the shell developer to hide this type of information.

Disable logs

WARNING: This is generally bad practice.

You can disable logs by passing the “-nl” switch to the run command, or pass the NOLOG=“1” environment variable. For global use: export NOLOG=“1”.

Deleting logs

To delete log files, use the clearlogs command. This command must be used with a value. The type of this value is “number”. It indicates to automation-cli the number of days to be deleted.

For example, this command will delete all files created in the last 10 days:

Fenêtre de terminal
automation-cli clearlogs 10

For example, this command will delete all logs:

Fenêtre de terminal
automation-cli clearlogs 0