Logging

[redshiftzero]

We should make sure we have logging for audit and debugging purposes. It's quite common that admins will encounter an issue with their SecureDrop servers and we ask them to ship us their logs so we can figure out what is going wrong. Having robust logging on the workstations will help them and us debug.

Examples of kinds of events we should log:

• Failures in provisioning
• Successful provisioning
• Reprovisioning of particular VMs after an update
• Failures in decryption

As a rule of thumb, whenever we are creating notifications via notify-send, we should also log them.

Given that we have multiple VMs, I think a reasonable zeroth order approach for 3.2 would be to have logs stored in each persistent VM and dom0.

[redshiftzero]

In the design described in #88, maybe it would make sense to have two logs, one in dom0 for SecureDrop provisioning issues (related: #51) - this action would be something done by the Administrator - and one in the primary UI VM sd-svs:

I think it makes sense for feedback from submission processing to get passed up to sd-svs (instead of sd-journalist since sd-svs is where the UI will be) and then users if they encounter issues can send logs to their Admin, FPF or community support (perhaps there could be something in the UI that does precisely this).

[redshiftzero]

See also this Qubes GSoC idea: LogVMs

[redshiftzero]

a first step here is trying out the qubes.AppendLog service and seeing if it suffices for our centralized logging needs: QubesOS/qubes-issues#2023

[eloquence]

During the 10/23-11/6 sprint, @kushaldas will investigate the AppendLog functionality and report findings here.

[kushaldas]

The qubes.AppendLog service is not implemented yet. After reading through all the logs, I think nearest things we can do:

1st way

• Have our own internal queue in each vm to send loglines to another vm via a new qrexec system

2nd way

• Have our client tool + proxy + any required tool to write to journald (I have Python example ready)
• Have a secondary service to monitor journald and then send out qrexec based calls and loglines to a vm.

Option 1 should be easier I think (to maintain).

[redshiftzero]

did you see this (QubesOS/qubes-builder@58c8c0f#diff-ff568c8fe1b2773b0eed83aae8180c7d is what closed the above qubes.AppendLog ticket I linked to): https://github.com/QubesOS/qubes-builder/blob/master/rpc-services/qubesbuilder.BuildLog ?