# Enable Default-Tenant logging

The Default Tenant in DuploCloud is the central management space for platform-wide resources and configurations, including monitoring and logging. Enabling logging in the Default Tenant deploys comprehensive Control Plane monitoring. This deployment uses OpenSearch and Kibana to retrieve and display log data. Once logging is enabled for the Default Tenant, you can [enable logging for non-Default Tenants](https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/central-logging/enable-non-default-tenant-logging) and [configure logging per Tenant](https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/central-logging/configure-logging-per-tenant).

{% hint style="info" %}
Central logging is typically set up during DuploCloud onboarding. Contact DuploCloud Support if you have questions about this process.
{% endhint %}

## Prerequisites

* If needed, [make changes to the Control Plane Configuration](https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/central-logging/custom-log-collection). You cannot modify the Control Plane Configuration after you set up logging.
* If needed, customize Elastic Filebeat logging. Docker applications write their logs to `stdout`. These logs are collected and placed in the Host directory, mounted into [Filebeat](https://www.elastic.co/beats/filebeat) containers, and sent to [AWS Elasticsearch](https://aws.amazon.com/what-is/elasticsearch/). If you need to customize log collection to use folders other than `stdout`, follow [this procedure](https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/custom-log-collection#customizing-elastic-filebeat-logging). Log collection cannot be customized after logging is set up.

## Enabling Default-Tenant Logging

1. From the **Tenant** list box at the top of the DuploCloud Portal, select the **Default** Tenant.

2. In the DuploCloud Portal, navigate to **Administrator** -> **Observability** -> **Standard** -> **Settings**, and select the **Logging** tab.

3. Click the **Enable Logging** link. The **Enable Logging** page displays.

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FeIZx4PipNzix8nf22TH3%2Fimage.png?alt=media&#x26;token=a5189bc9-cf33-418a-bbbf-293e8f67b95e" alt=""><figcaption><p>The <strong>Logging</strong> tab with the <strong>Enable Logging</strong> link</p></figcaption></figure></div>

4. In the **Select Tenant** list box, select **Default**.

5. In the **Cert ARN** field, enter the certificate ARN for the Default Tenant.

{% hint style="info" %}
To find the certificate ARN, select the **Default** Tenant from the **Tenant** list box at the top of the DuploCloud Portal, navigate to **Administrator** -> **Plans**, select the Plan that matches your Infrastructure **Name**, click the **Certificates** tab, and copy the ARN from the Certificate ARN column.
{% endhint %}

6. Enter the number of days to retain logs in the **Log Retention in Index (Days)** field.
7. Click **Submit**. Data gathering takes about fifteen (15) minutes. When data gathering is complete, graphical logging data is displayed on the **Logging** tab.

<figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FQauSLhvX7XHLxCeIrzi9%2Fnew%20logging.png?alt=media&#x26;token=f624cc5c-0cb5-4b94-9703-314612cbf60d" alt=""><figcaption><p>The <strong>Enable Logging</strong> page</p></figcaption></figure>

{% hint style="info" %}
When you enable logging for a Tenant, an Elastic Filebeat Service starts and begins log collection. The [Elastic Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html) Service must be running for log collection to occur.

To view the Filebeat Service, navigate to **Kubernetes** -> **Services**. To view the Filebeat containers, navigate to **Kubernetes** -> **Containers**. In the row of the container, click the menu icon and select **Logs**.
{% endhint %}

Once logging is enabled for the Default Tenant, you can [enable logging for other Tenants](https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/central-logging/enable-non-default-tenant-logging).

## How DuploCloud Configures Logging

When you perform the steps above to configure logging, DuploCloud does the following:

### Control Plane deployment

1. **An EC2 Host is added** in the Default Tenant, for example, **duploservices-default-oc-diagnostics**.
2. **Services are added** in the Default Tenant, one for OpenSearch and one for Kibana. Both services are pinned to the EC2 host using [allocation tags](https://docs.duplocloud.com/docs/automation-platform/overview/aws-services/containers/eks-containers-and-services/creating-advanced-functions). Kibana is set up to point to Elasticsearch and is exposed using an internal load balancer.
3. **Security rules from within the internal network to port 443 are added** in the Default Tenant so that log collectors running on Tenant hosts can send logs to Elasticsearch.
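
To confirm that the port 443 rules from step 3 admit only internal sources, you can audit the security group after deployment. The following is an added example, not DuploCloud code: it assumes the group has been exported in the JSON shape returned by `aws ec2 describe-security-groups`, and the group ID, CIDR ranges, and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like one entry of `aws ec2 describe-security-groups`
# output; the group ID, CIDRs and rules are made up for illustration.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.220.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "192.168.5.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

def covers_port(rule, port):
    """True if the rule applies to TCP `port`; protocol "-1" means all traffic."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def external_sources(group, internal_cidrs, port=443):
    """Return source CIDRs allowed to reach `port` that lie outside internal_cidrs.

    Rules that reference other security groups (UserIdGroupPairs) are not
    evaluated here and need a separate review.
    """
    internal = [ipaddress.ip_network(c) for c in internal_cidrs]
    findings = []
    for rule in group.get("IpPermissions", []):
        if not covers_port(rule, port):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
            if not any(net.version == i.version and net.subnet_of(i) for i in internal):
                findings.append(cidr)
    return findings

if __name__ == "__main__":
    for cidr in external_sources(SAMPLE_GROUP, ["10.220.0.0/16"]):
        print(f"{SAMPLE_GROUP['GroupId']}: port 443 reachable from {cidr}")
```

Pass the CIDR ranges of your own internal network as `internal_cidrs`; an empty result means every CIDR-based rule covering port 443 is internal.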

### Log Collector deployment

1. A Filebeat service (`filebeat-duploinfrasvc`) is deployed for each Tenant where central logging is enabled.
2. The `/var/lib/docker/containers` directory is mounted from the Host into the Filebeat container. The Filebeat container references Elasticsearch, which runs in the **Default** Tenant. Inside the container, Filebeat is configured to add metadata to every log line: the Tenant name, Service names, Container ID, and Hostname. You can then search by any of these parameters in Elasticsearch.
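
The sketch below illustrates the enrichment described in step 2. It is an added example, not DuploCloud's or Filebeat's implementation: it reads Docker `json-file` log lines, takes the Container ID from the directory name, rejoins long lines that Docker split into chunks, and attaches the metadata. The output field names, the `services` lookup table, and the sample path and lines are assumptions constructed for illustration.

```python
import json
import socket
from pathlib import PurePosixPath

# Constructed sample: a shortened container ID and four json-file lines,
# including one long line split in two chunks and one truncated entry.
SAMPLE_PATH = "/var/lib/docker/containers/3f9ac1d2e0b7/3f9ac1d2e0b7-json.log"
SAMPLE_LINES = [
    '{"log":"GET /health 200\\n","stream":"stdout","time":"2024-01-01T00:00:00.000000000Z"}',
    '{"log":"very long line, first chunk ","stream":"stderr","time":"2024-01-01T00:00:01.000000000Z"}',
    '{"log":"second chunk\\n","stream":"stderr","time":"2024-01-01T00:00:01.000000000Z"}',
    '{"log":"cut off mid-wri',
]

def enrich(log_path, raw_lines, tenant, services, hostname=None):
    """Parse json-file lines and attach tenant/service/container/host metadata."""
    # Layout: /var/lib/docker/containers/<id>/<id>-json.log
    container_id = PurePosixPath(log_path).parent.name
    meta = {
        "tenant": tenant,                                   # hypothetical field names
        "service": services.get(container_id, "unknown"),
        "container_id": container_id,
        "hostname": hostname or socket.gethostname(),
    }
    events, pending = [], ""
    for raw in raw_lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt entries instead of aborting
        if not isinstance(rec, dict):
            continue
        pending += rec.get("log", "")
        if not pending.endswith("\n"):
            continue  # Docker split a long line; wait for the remaining chunk
        events.append({"message": pending.rstrip("\n"), "stream": rec.get("stream"),
                       "@timestamp": rec.get("time"), **meta})
        pending = ""
    return events

if __name__ == "__main__":
    for event in enrich(SAMPLE_PATH, SAMPLE_LINES, "dev01", {"3f9ac1d2e0b7": "web"}):
        print(json.dumps(event))
```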
