This page describes how to access server logs for HashiCorp-managed clusters. Find the cluster's address on HCP Consul, then use the CLI to view the logs for individual clusters.
For information on accessing a server's audit logs to monitor API calls, refer to audit logs.
Accessing server logs requires the Consul CLI. If you do not have access to the CLI on your workstation, download and install Consul.
Accessing server logs also requires the address and admin token for the HashiCorp-managed cluster. To access the cluster's public or private address and admin token, complete the following steps:
- Sign in to the HCP Portal and select your organization.
- Click Consul.
- Click the name of the cluster to access its cluster details page.
- Click Access Consul.
You can copy either the public or private address for the server. To view the admin token, click Generate admin token.
View server logs
The process to view an individual server's logs consists of the following steps:
- Use the cluster DNS address to resolve the IP addresses for the individual Consul servers.
- For each server, run
consul monitorin a separate terminal.
Resolve server addresses
nslookup or a similar tool to resolve the DNS address to individual server IPs. The lookup will succeed for both private and public clusters, but the IPs for private clusters are not routable
from your workstation unless you are within your corporate VPN or on a jump server.
$ nslookup consul-cluster-name.consul.alphanumeric-id.aws.hashicorp.cloud Server: 192.168.1.254 Address: 192.168.1.254#53 Non-authoritative answer: Name: consul-cluster-name.consul.alphanumeric-id.aws.hashicorp.cloud Address: 172.25.22.78 Name: consul-cluster-name.consul.alphanumeric-id.aws.hashicorp.cloud Address: 172.25.27.214 Name: consul-cluster-name.consul.alphanumeric-id.aws.hashicorp.cloud Address: 172.25.17.212
Access server logs
Turn off SSL verification and run
consul monitor on an individual server's IP address to output server logs to the terminal. Update the following command to include your server address and a valid admin token before issuing the command.
$ CONSUL_HTTP_SSL_VERIFY=false consul monitor \ -http-addr https://172.25.22.78 \ ## the server's IP -token <your-token-here> ## the cluster's admin token
It may take a minute or two for the logs to appear. A known issue causing this delay was fixed in the following Consul versions:
You can also add the
-log-level flag to specify a log level. Refer to
consul monitor for more information.
CONSUL_HTTP_SSL_VERIFY=false environment variable is required because the certificate for the servers is only valid for the domain name, not the individual IP address. In most cases you will use the domain name but in this specific case you must make requests to each individual IP.