No Coder Logs

Taking this over from general. What I want to do: Monitor Coder Web Logins with fail2ban just to be sure, but I can't find the logs anywhere. System: Debian Bullseye, Coder running as Systemd Service. Nothing else is running on the system despite what's neccessary for coder itself and standard system tools like ssh server. Running
sudo journalctl -u coder -f | grep login
sudo journalctl -u coder -f | grep login
returns nothing. Dropping the -f at least brings up something:
sudo journalctl -u coder | grep login
Dez 23 12:33:03 coder coder[3099]: coder login https://our.domain.dev
sudo journalctl -u coder | grep login
Dez 23 12:33:03 coder coder[3099]: coder login https://our.domain.dev
But that is all. I also checked syslog, auth.log and systemctl status of coder, but theres nothing there as well.
15 Replies
kyle
kyle2y ago
The -f will only tail the logs, but removing it should dump all logs from all time for the Coder service.
Hannsr
HannsrOP2y ago
Yeah it's really weird. Like there is nothing being logged at all by coder.
kyle
kyle2y ago
Oh, seems like that's showing commands you have ran actually... that's super odd.
Hannsr
HannsrOP2y ago
Yeah I ran both. It was weird already when I set up the new system and had some errors in the coder.env and all it said was "failed to start", no error log at all.
kyle
kyle2y ago
Are you sure it's running with systemd? I'm not sure where else the logs would go.
Hannsr
HannsrOP2y ago
Yeah, definitely. But I'll double-check tomorrow.
kyle
kyle2y ago
Cool, just let me know!
Hannsr
HannsrOP2y ago
Just checked, but yeah, running as systemd service:
coder.service - "Coder - Self-hosted developer workspaces on your infra"
Loaded: loaded (/lib/systemd/system/coder.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-01-02 16:42:01 CET; 2 days ago
Docs: https://coder.com/docs/coder-oss
Main PID: 534 (coder)
Tasks: 26 (limit: 38492)
Memory: 1.0G
CPU: 13min 28.495s
CGroup: /system.slice/coder.service
├─ 534 /usr/bin/coder server
├─ 601 /home/coder/.config/coderv2/postgres/bin/bin/postgres -D /home/coder/.config/coderv2/postgres/data -p 36497
├─ 603 postgres: checkpointer
├─ 604 postgres: background writer
├─ 605 postgres: walwriter
├─ 606 postgres: autovacuum launcher
├─ 607 postgres: stats collector
├─ 608 postgres: logical replication launcher
├─ 779 postgres: coder coder ::1(45108) idle
├─ 816 postgres: coder coder ::1(45116) idle
├─ 834 postgres: coder coder ::1(45180) idle
└─90044 postgres: coder coder ::1(34738) idle
coder.service - "Coder - Self-hosted developer workspaces on your infra"
Loaded: loaded (/lib/systemd/system/coder.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-01-02 16:42:01 CET; 2 days ago
Docs: https://coder.com/docs/coder-oss
Main PID: 534 (coder)
Tasks: 26 (limit: 38492)
Memory: 1.0G
CPU: 13min 28.495s
CGroup: /system.slice/coder.service
├─ 534 /usr/bin/coder server
├─ 601 /home/coder/.config/coderv2/postgres/bin/bin/postgres -D /home/coder/.config/coderv2/postgres/data -p 36497
├─ 603 postgres: checkpointer
├─ 604 postgres: background writer
├─ 605 postgres: walwriter
├─ 606 postgres: autovacuum launcher
├─ 607 postgres: stats collector
├─ 608 postgres: logical replication launcher
├─ 779 postgres: coder coder ::1(45108) idle
├─ 816 postgres: coder coder ::1(45116) idle
├─ 834 postgres: coder coder ::1(45180) idle
└─90044 postgres: coder coder ::1(34738) idle
No more Ideas anyone? 😦
maf
maf2y ago
Does secifying .service help? I.e. sudo journalctl -u coder.service
Hannsr
HannsrOP2y ago
Same output as without .service I also just tried again to login with wrong credentials, but nothing in the logs, no matter if with/without .serviceadded.
maf
maf2y ago
Do you have verbose enabled in coder.env? You can add CODER_VERBOSE=true to /etc/coder.d/coder.env and restart the coder service. Then you should see something like this:
2023-01-09 12:28:31.651 [DEBUG] (coderd) <./coderd/httpmw/logger.go:63> Logger.func1.1.1 POST {"host": "[domain]:7080", "path": "/api/v2/users/login", "proto": "HTTP/1.1", "remote_addr": "192.168.1.76", "took": "106.59659ms", "status_code": 401, "latency_ms": 106, "request_id": "cb73df4f-5097-42c7-8dd1-7715ca08fc62"}
2023-01-09 12:28:31.651 [DEBUG] (coderd) <./coderd/httpmw/logger.go:63> Logger.func1.1.1 POST {"host": "[domain]:7080", "path": "/api/v2/users/login", "proto": "HTTP/1.1", "remote_addr": "192.168.1.76", "took": "106.59659ms", "status_code": 401, "latency_ms": 106, "request_id": "cb73df4f-5097-42c7-8dd1-7715ca08fc62"}
Hannsr
HannsrOP2y ago
Ok, adding verbose does work, now I can see login attempts. But having it log everything like that might not be great in the long run. Can I tweak it somehow so logins aren't just available with logging everything?
maf
maf2y ago
One option would be to modify the code and add a second condition, like:
if sw.Status == http.StatusUnauthorized {
logLevelFn = httplog.Info
}
if sw.Status == http.StatusUnauthorized {
logLevelFn = httplog.Info
}
Here: https://github.com/coder/coder/blob/a4ca8ffa651f4b0cd44b1b77d002c21bda877593/coderd/httpmw/logger.go#L56-L58 But other than that, it's not currently possible, I'm afraid. Would you care to open up a feature request on the issue tracker describing what you want to achieve and why?
Hannsr
HannsrOP2y ago
Oh well, my coding experience is basically none, but I can give it a try. Thanks either way! And sure, I'll do that once I have a few minutes. I'm not entirely sure it is necessary, but having the option to add another security layer can't hurt 🙂 I noticed I'll have to update caddy as well then since it doesn't forward the real IP in the basic setup. Thanks for looking into it!
Codercord
Codercord2y ago
Marked the thread as resolved.

Did you find this page helpful?