Installation
Running the Server
STDIO Transport Mode
HTTP Streaming Transport Mode
Available Tools
The server provides the following tools for logging management:| Tool Name | Description |
|---|---|
list_log_groups | List log groups in a given compartment |
list_logs | List logs in a given log group |
get_log | Get detailed information about a log using its OCID |
Usage Examples
List Log Groups
List Logs in a Group
Get Log Details
- Log type (service, custom, audit)
- Retention period
- Log configuration
- Associated resources
- Archiving settings
Understanding OCI Logging
What is OCI Logging?
OCI Logging is a centralized log management service that:- Collects Logs from OCI services and applications
- Stores Logs with configurable retention
- Analyzes Logs using search and filtering
- Archives Logs to Object Storage
- Integrates with Monitoring, Events, and Security services
Log Types
Service Logs- Automatically generated by OCI services
- VCN Flow Logs - Network traffic
- Load Balancer Access/Error Logs
- API Gateway Access/Execution Logs
- Object Storage Access Logs
- Functions Invoke Logs
- Track API calls and administrative actions
- Automatically enabled for all tenancies
- Stored in special audit log groups
- Critical for compliance and security
- Application logs from compute instances
- Custom application logging
- Aggregated using Logging Agent
- Flexible schema and format
Log Groups
Log groups are logical containers for organizing logs:- Organize logs by environment, application, or service
- Apply IAM policies at log group level
- Simplify log management
- Can contain multiple logs
Key Features
Retention- Configure retention from 1 to 6 months
- Automatic deletion after retention period
- Archive to Object Storage for long-term retention
- Read - Service data plane operations
- Write - Create, update, delete operations
- Configure log detail levels
- Filter noise from important events
- Balance verbosity and cost
Architecture
Logging Components
Log Flow
- Generation - Service or application emits logs
- Collection - Logging service or agent collects logs
- Ingestion - Logs written to OCI Logging
- Storage - Retained based on configuration
- Analysis - Search and query via console or API
- Archive - Optional long-term storage
- Action - Trigger events, alarms, or automation
Authentication
The server uses OCI CLI configuration from~/.oci/config:
Required Permissions
Your OCI user or instance principal needs these IAM permissions: Read Logs:Common Use Cases
Security & Compliance
- Enable VCN flow logs for network forensics
- Monitor API audit logs for security events
- Track administrative actions
- Meet compliance logging requirements
- Detect anomalous behavior
Troubleshooting
- Debug application issues with custom logs
- Analyze load balancer access patterns
- Investigate network connectivity problems
- Review API Gateway execution logs
- Trace request flows across services
Performance Analysis
- Analyze response times from access logs
- Identify slow queries or operations
- Monitor error rates
- Track resource utilization
Operational Monitoring
- Aggregate logs from multiple sources
- Set up alerts on log patterns
- Monitor service health
- Track deployment impacts
Enabling Common Service Logs
VCN Flow Logs
Capture network traffic metadata:- Source and destination IPs
- Ports and protocols
- Packet counts and bytes
- Accept/reject decisions
- Network troubleshooting
- Security analysis
- Bandwidth monitoring
- Compliance auditing
Load Balancer Logs
Access Logs:- Client IP and request details
- Response codes and sizes
- Backend server selection
- Request timing
- Backend failures
- SSL/TLS errors
- Health check failures
Object Storage Logs
Track object operations:- Read/write/delete events
- User and source IP
- Timestamps
- Success/failure status
Best Practices
Log Organization
- Use descriptive log group names
- Organize by environment (dev, test, prod)
- Separate service logs from application logs
- Group related logs together
Retention & Archiving
- Set appropriate retention periods
- Archive critical logs to Object Storage
- Balance storage costs with compliance needs
- Document retention policies
Security
- Enable audit logging
- Protect log data with IAM policies
- Don’t log sensitive data (passwords, tokens)
- Encrypt logs at rest and in transit
- Monitor access to log data
Cost Optimization
- Set retention to minimum required period
- Archive to Object Storage for long-term retention
- Use log categories to filter unnecessary logs
- Monitor ingestion volume
- Consider sampling for high-volume logs
Monitoring & Alerting
- Create alarms on log patterns
- Use Service Connector Hub to route logs
- Integrate with SIEM systems
- Set up automated responses
Integration Patterns
Log Analytics
- Export logs to OCI Logging Analytics
- Advanced querying and visualization
- Machine learning anomaly detection
- Long-term trend analysis
Service Connector Hub
- Route logs to Object Storage
- Stream to Functions for processing
- Forward to Monitoring for metrics
- Send to external SIEM
Events Service
- Trigger actions on log events
- Automate incident response
- Execute Functions based on patterns
- Send notifications
Troubleshooting
Log Group Not Found
Check:- Log group OCID is correct
- Log group is in expected compartment
- You have permission to view log group
- Log group exists in correct region
No Logs Appearing
For Service Logs:- Verify log is enabled on the service
- Check IAM policies allow log write
- Ensure service is generating events
- Wait a few minutes for propagation
- Verify Logging Agent is installed and running
- Check agent configuration
- Ensure network connectivity to Logging service
- Review agent logs for errors
Permission Errors
Error: NotAuthorizedOrNotFound- Verify IAM policies grant required permissions
- Check policy includes correct compartment
- Ensure using principal with access
- Verify log resource policy if applicable
High Ingestion Costs
Optimization strategies:- Review and reduce retention periods
- Filter out unnecessary log categories
- Sample high-volume logs
- Archive to Object Storage
- Remove or disable unused logs
Related Services
- Monitoring - Metrics and alarms
- Cloud Guard - Security monitoring
- Networking - VCN flow logs
- Object Storage - Log archiving