
The first step in troubleshooting is to retrieve the logs and the pod status. The logs allow you to identify the root cause of an error. In addition, examining the pod’s most recent status can provide information about failure messages.

Retrieving the Collector logs

First, you should examine the logs from failing Collectors. Depending on your environment and access rights, you can obtain these logs in two ways:

Retrieving the logs with the oc or kubectl command

You can use either the oc or kubectl command to obtain logs from your running Collector pod. Optionally, you can even check the logs from a previous Collector pod if your current Collector pod is restarting.

Prerequisites
  • Ensure that you have the authority to list the pods and logs:

    $ oc auth can-i get pods && oc auth can-i get pods --subresource=logs (1)
    1 If you use Kubernetes, enter kubectl instead of oc.
Procedure
  1. List all the pods with label app=collector:

    $ oc get pods -n stackrox -l app=collector (1)
    1 If you use Kubernetes, enter kubectl instead of oc.
    Example output
    collector-vclg5    1/2     CrashLoopBackOff   2 (25s ago)   2m41s
  2. Get the logs for the Collector pod:

    $ oc logs -n stackrox <collector_pod_name> collector (1)
    1 If you use Kubernetes, enter kubectl instead of oc. For <collector_pod_name>, specify the name of your Collector pod, for example, collector-vclg5.
  3. (Optional) If the current Collector pod is restarting, you can check the logs for the previous Collector pod:

    $ oc logs -n stackrox <collector_pod_name> collector --previous (1)
    1 If you use Kubernetes, enter kubectl instead of oc. For <collector_pod_name>, specify the name of your Collector pod, for example, collector-vclg5.

Retrieving logs from a RHACS diagnostic bundle

You can also access Collector logs by downloading a diagnostic bundle from the Red Hat Advanced Cluster Security for Kubernetes (RHACS) user interface. Once you have downloaded the diagnostic bundle, you can inspect the logs for all the Collector pods. For more information, see Generating a diagnostic bundle.

Analyzing the Collector pod status

Examining the pod’s most recent status is another easy way to determine the cause of a Collector crash. Failure messages are recorded in the most recent status and are accessible by using the kubectl describe pod or oc describe pod command.

Procedure
  • Describe the Collector pod:

    $ oc describe pod -n stackrox <collector_pod_name> (1)
    1 If you use Kubernetes, enter kubectl instead of oc. For <collector_pod_name>, specify the name of your Collector pod, for example, collector-vclg5.
    Example output
    [...]
        Last State:     Terminated
          Reason:       Error
          Message:      No suitable kernel object downloaded (1)
          Exit Code:    1
          Started:      Fri, 21 Oct 2022 11:50:56 +0100
          Finished:     Fri, 21 Oct 2022 11:51:25 +0100
    [...]
    1 In this example, you can see that Collector has failed to download a kernel driver.
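
The following script is an added example, not part of the original documentation. It chains the commands from both procedures above so that every Collector pod that is not fully ready gets its last state, current logs, and previous logs printed in one pass. The function names, the CLI and NS variables, and the --tail=50 limit are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: triage unhealthy Collector pods with the commands from this page.
# Assumption: CLI defaults to oc; set CLI=kubectl on plain Kubernetes.
CLI="${CLI:-oc}"
NS="${NS:-stackrox}"

# Read `get pods --no-headers` output on stdin and print the names of pods
# whose READY count is incomplete or whose STATUS is not Running.
unhealthy_pods() {
  awk '{
    split($2, ready, "/")
    if (ready[1] != ready[2] || $3 != "Running") print $1
  }'
}

# Check permissions first, then dump last state and logs for each unhealthy pod.
triage_collectors() {
  "$CLI" auth can-i get pods -n "$NS" >/dev/null &&
    "$CLI" auth can-i get pods --subresource=logs -n "$NS" >/dev/null ||
    { echo "missing permission to read pods or pod logs in $NS" >&2; return 1; }

  "$CLI" get pods -n "$NS" -l app=collector --no-headers | unhealthy_pods |
  while read -r pod; do
    echo "=== $pod: last state ==="
    "$CLI" describe pod -n "$NS" "$pod" | grep -A5 'Last State:'
    echo "=== $pod: current logs ==="
    "$CLI" logs -n "$NS" "$pod" collector --tail=50
    echo "=== $pod: previous logs ==="
    "$CLI" logs -n "$NS" "$pod" collector --previous --tail=50 2>/dev/null ||
      echo "(no previous container instance)"
  done
}

# Run only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
  triage_collectors
fi
```

Run it with the --run argument from a shell that is already logged in to the cluster, for example with CLI=kubectl set in the environment on Kubernetes.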