Also, the ovn-controller proc is running with file log level info, which
I would have taken to mean that only
ovn logs greater than info would have been logged:
ovn-controller unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info
On 28/09/2021 15:04, Brendan Doyle wrote:
Folks,
I can't find anything in docs on how this is supposed to work, but I
would have assumed
that if I set the ACL severity to 'alert' then I would only get a log
if a pkt were dropped.
So for example I have an ACL rule:
to-lport 27000 (outport == @pg_vcn3_net1_sl3 && ip4.src == 192.16.1.0/24 && udp.dst == 111) allow-related log(name=fss-14,severity=alert)
I don't want to see logs for pkts that match this, but I do:
ovn-controller.log:2021-09-28T13:32:25.759Z|00023|acl_log(ovn_pinctrl0)|INFO|name="fss-14", verdict=allow, severity=alert: udp,vlan_tci=0x0000,dl_src=40:44:00:00:00:a0,dl_dst=40:44:00:00:05:00,nw_src=192.16.1.6,nw_dst=192.16.1.106,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=825,tp_dst=111
Is this the expected behavior?
And if so, is the option to avoid ovn-controller.log filling up to
either not log allowed matches or to rate limit them?
Thanks
Brendan
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss