About MAAS logging

Errors or typos? Topics missing? Hard to read? Let us know.

This page describes basic MAAS logging operations. For more details, refer to these reference pages:

Remote syslog (3.4 UI)

To enable remote logging, choose Settings > Network > Syslog, and enter your syslog server’s IP/URL under Remote syslog server to forward machine logs.

Remote syslog (3.3-- UI)

To enable remote logging, choose Settings > Network services > Syslog; add your syslog server’s IP/UL; and click Save.

Remote syslog (CLI)

maas $PROFILE maas set-config name="remote_syslog" value="$SYSLOG_FQDN"
# Example for setting syslog server to 192.168.100.11:
maas $PROFILE maas set-config name="remote_syslog" value=192.168.100.11
# To reset to default (sending syslog to MAAS region controllers):
maas $PROFILE maas set-config name="remote_syslog" value="

Note: Only machine syslog information is forwarded, not MAAS controllers’ syslogs.

Direct log access

Logs can be found at the following paths depending on your installation type (snap or package):

  • Snap installation:

    • /var/snap/maas/common/log/maas.log
    • /var/snap/maas/common/log/regiond.log
    • /var/snap/maas/common/log/rackd.log
    • /var/snap/maas/common/log/rsyslog/$MACHINE_NAME/$RELEVANT_DATE/messages
  • Package installation:

    • /var/log/maas/maas.log
    • /var/log/maas/regiond.log
    • /var/log/maas/rackd.log
    • /var/log/maas/rsyslog/$MACHINE_NAME/$RELEVANT_DATE/messages

Logs can be extensive and challenging to search. The MAAS web UI does not categorise events by type.

Events query (CLI)

The most efficient way to review events is using the events query CLI sub-command. This command allows filtering and summarising events. Use jq and various filters to simplify output interpretation.

Basic queries

maas $PROFILE events query

This command returns a lengthy JSON output, which can be simplified using jq and various filters, making it more readable.

Using jq with events

A jq command example for readable output:

maas $PROFILE events query limit=20 | jq -r '(["USERNAME","NODE","HOSTNAME","LEVEL","DATE","TYPE","EVENT"] | (., map(length*"-"))), (.events[] | [.username,.node,.hostname,.level,.created,.type,.description]) | @tsv' | column -t -s$'\t'

Filter parameters

The events query command supports multiple filters:

  • hostname: Events for a specific node hostname.
  • mac_address: Events for nodes with specified MAC addresses.
  • id: Events for nodes with specific system IDs.
  • zone: Events for nodes in a particular zone.
  • level: Filter by event level (AUDIT, CRITICAL, DEBUG, ERROR, INFO, WARNING).
  • limit: Maximum number of events to return.
  • before/after: Start returning events before or after a specific event ID.

Example usage of these filters can narrow down event listings significantly.

Auditing finesse

Audit events, tagged with AUDIT, record MAAS configuration changes and machine state transitions. They’re essential for tracking user actions and system updates, especially in multi-user environments.

Use audit events alongside jq and command-line text tools to analyse actions like machine deletions, configuration changes, and user activities. This can provide insights into system changes and help identify areas for attention or improvement.


Last updated 2 hours ago.