Research Help improve navigation and content organization by answering a short survey. Start Survey
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

Server logs

This page describes how to access server logs for HashiCorp-managed clusters. Find the cluster's address on HCP Consul, then use the CLI to view the logs for individual clusters.

For information on accessing a server's audit logs to monitor API calls, refer to audit logs.

Prerequisites

Accessing server logs requires the Consul CLI. If you do not have access to the CLI on your workstation, download and install Consul.

Accessing server logs also requires the address and admin token for the HashiCorp-managed cluster. To access the cluster's public or private address and admin token, complete the following steps:

  1. Sign in to the HCP Portal and select your organization.
  2. Click Consul.
  3. Click the name of the cluster to access its cluster details page.
  4. Click Access Consul.

You can copy either the public or private address for the server. To view the admin token, click Generate admin token.

View server logs

The process to view an individual server's logs consists of the following steps:

  1. Use the cluster DNS address to resolve the IP addresses for the individual Consul servers.
  2. For each server, run consul monitor in a separate terminal.

Resolve server addresses

Run nslookup or a similar tool to resolve the DNS address to individual server IPs. The lookup will succeed for both private and public clusters, but the IPs for private clusters are not routable from your workstation unless you are within your corporate VPN or on a jump server.

$ nslookup consul-cluster-name.consul.alphanumeric-id.aws.hashicorp.cloud

Server:     192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
Name:   consul-cluster-name.consul.alphanumeric-id.aws.hashicorp.cloud
Address: 172.25.22.78
Name:   consul-cluster-name.consul.alphanumeric-id.aws.hashicorp.cloud
Address: 172.25.27.214
Name:   consul-cluster-name.consul.alphanumeric-id.aws.hashicorp.cloud
Address: 172.25.17.212

Access server logs

Turn off SSL verification and run consul monitor on an individual server's IP address to output server logs to the terminal. Update the following command to include your server address and a valid admin token before issuing the command.

$ CONSUL_HTTP_SSL_VERIFY=false consul monitor \
  -http-addr https://172.25.22.78 \ ## the server's IP
  -token <your-token-here> ## the cluster's admin token

It may take a minute or two for the logs to appear. A known issue causing this delay was fixed in the following Consul versions:

  • v1.15.2
  • v1.14.6
  • v1.13.7

You can also add the -log-level flag to specify a log level. Refer to consul monitor for more information.

Note: The CONSUL_HTTP_SSL_VERIFY=false environment variable is required because the certificate for the servers is only valid for the domain name, not the individual IP address. In most cases you will use the domain name but in this specific case you must make requests to each individual IP.