Logging in DSS

Introduction

DSS processes write their log files to directory DATADIR/run:

Log file

Content

backend.log

Logs of the main DSS process (backend). This includes logs for all user operations directly performed in DSS, including through APIs. Training sessions in Visual analysis are also included in this log file.

hproxy.log

Hadoop connectivity process (hproxy, optional)

nginx.log

General log of the main HTTP server (nginx). This does not include the trace of user activity

nginx/access.log

Access log of the main HTTP server (nginx)

ipython.log

Logs of the Jupyter server, used by Python, R and Scala notebook.

supervisord.log

Process control and supervision. This log file contains traces of all processes starts / stops

frontend.log

Logs of Javascript activity on user’s browsers

Customizing log levels

Note

Dataiku DSS has been confirmed to be not vulnerable to the family of vulnerabilities regarding Log4J:

  • “log4shell” vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

  • JMSAppender and JMSSink vulnerabilities (CVE-2021-4104, CVE-2021-44832,CVE-2022-23302)

  • JDBCAppender vulnerabilities (CVE-2022-23305)

  • SocketAppender vulnerability (CVE-2019-17571)

  • SMTPAppender vulnerability (CVE-2020-9488)

  • Chainsaw vulnerability (CVE-2022-23307)

No mitigation action nor upgrade is required. Dataiku keeps closely monitoring the security situation on log4j, as it does for all of its third-party dependencies, and will take action if a vulnerability is exploitable.

The main processes in DSS use the log4j library for logging. You can configure the log level:

  • By logger (logging category)

  • By process

In a typical DSS log line:

[2017/02/13-09:01:01.421] [DefaultQuartzScheduler_Worker-1] [INFO] [dku.projects.stats.git]  - [ct: 365] Analyzing 17 commits

The logger is the 4th component: dku.projects.stats.git

Log levels are configured by creating, in the DSS data dir, a file named resources/logging/dku-log4j.properties

# Set, for all processes, the 'dku.recipes.sql' logger to INFO level.
# Note that this also sets INFO for all subloggers of dku.recipes.sql
log4j.logger.dku.recipes.sql = INFO

Properties set in dku-log4j.properties will apply to all main DSS processes (See The different Java processes for more information).

To set log levels only for a certain type of processes, like jek, create a file named resources/logging/dku-jek-log4j.properties and add the same kind of properties.

Warning

Please note that modifying or lowering the logging levels can potentially reduce the ability of Dataiku Support to investigate / debug certain issues and result in an overall degraded support experience. In these situations, you will likely be asked to revert these logging level changes and reproduce the issue when further investigation is required.

Configuring log file rotation

Main DSS processes log files

By default, the “main” log files are rotated when they reach a given size, and purged after a given number of rotations. The following installation configuration directives can be used to customize this behavior.

By default, rotation happens every 50 MB and 10 files are kept

[logs]
# Maximum file size, default 50MB.
# Suffix multipliers "KB", "MB" and "GB" can be used in this value.
logfiles_maxbytes = SIZE
# Number of retained files, default 10.
logfiles_backups = NUMBER_OF_FILES

You should then regenerate DSS configuration and restart DSS, as described in Installation configuration file.

This procedure applies to the following log files:

  • backend.log

  • hproxy.log

  • ipython.log

  • nginx.log

frontend.log

This is a low-level log for debug purposes only. It is rotated independently of the others, on a non-configurable schedule.

nginx/access.log

This file is rotated daily, whatever its size. The rotated file is compressed. Older files are then purged, in order to keep a total max size of logs below 64 MB

In the ini file, you can override this behavior

[logs]
# Set this to false to disable access.log rotation
rotate_accesslog = true

# Maximum cumulative size to keep (in bytes). Suffix multipliers are not allowed
accesslog_purge_size = 67108864

Audit logs

See Audit Trail.

Manual log file rotation

The following command forces DSS to close and reopen its log files (main DSS processes log files and nginx access log). Combined with standard tools like logrotate(8), and the possibility to disable automatic log rotation as described above, this lets you take full control over the DSS log rotation process, and integrate it in your log file handling framework.

# Use standard Unix commands to rename DSS current log files
...
# Force DSS to reopen new log files
DATADIR/bin/dss reopenlogs