Using Impala Logging

• By default, the log files are under the directory /var/log/impala. To change log file locations, modify the defaults file described in Starting Impala.
• The significant files for the impalad process are impalad.INFO, impalad.WARNING, and impalad.ERROR. You might also see a file impalad.FATAL, although this is only present in rare conditions.
• The significant files for the statestored process are statestored.INFO, statestored.WARNING, and statestored.ERROR. You might also see a file statestored.FATAL, although this is only present in rare conditions.
• The significant files for the catalogd process are catalogd.INFO, catalogd.WARNING, and catalogd.ERROR. You might also see a file catalogd.FATAL, although this is only present in rare conditions.
• Examine the .INFO files to see configuration settings for the processes.
• Examine the .WARNING files to see all kinds of problem information, including such things as suboptimal settings and also serious runtime errors.
• Examine the .ERROR and/or .FATAL files to see only the most serious errors, if the processes crash, or queries fail to complete. These messages are also in the .WARNING file.
• A new set of log files is produced each time the associated daemon is restarted. These log files have long names including a timestamp. The .INFO, .WARNING, and .ERROR files are physically represented as symbolic links to the latest applicable log files.
• The init script for the impala-server service also produces a consolidated log file /var/logs/impalad/impala-server.log, with all the same information as the corresponding.INFO, .WARNING, and .ERROR files.
• The init script for the impala-state-store service also produces a consolidated log file /var/logs/impalad/impala-state-store.log, with all the same information as the corresponding.INFO, .WARNING, and .ERROR files.

Impala stores information using the glog_v logging system. You will see some messages referring to C++ file names. Logging is affected by:

• The GLOG_v environment variable specifies which types of messages are logged. See Setting Logging Levels for details.
• The --logbuflevel startup flag for the impalad daemon specifies how often the log information is written to disk. The default is 0, meaning that the log is immediately flushed to disk when Impala outputs an important messages such as a warning or an error, but less important messages such as informational ones are buffered in memory rather than being flushed to disk immediately.

Review Impala log files on each host, when you have traced an issue back to a specific system.

Impala periodically switches the physical files representing the current log files, after which it is safe to remove the old files if they are no longer needed.

Impala can automatically remove older unneeded log files, a feature known as log rotation.

In Impala 2.2 and higher, the --max_log_files configuration option specifies how many log files to keep at each severity level. You can specify an appropriate setting for each Impala-related daemon (impalad, statestored, and catalogd). The default value is 10, meaning that Impala preserves the latest 10 log files for each severity level (INFO, WARNING, ERROR, and FATAL). Impala checks to see if any old logs need to be removed based on the interval specified in the logbufsecs setting, every 5 seconds by default.

A value of 0 preserves all log files, in which case you would set up set up manual log rotation using your Linux tool or technique of choice. A value of 1 preserves only the very latest log file.

By default, the Impala log is stored at /var/logs/impalad/. The most comprehensive log, showing informational, warning, and error messages, is in the file name impalad.INFO. View log file contents by using the web interface or by examining the contents of the log file. (When you examine the logs through the file system, you can troubleshoot problems by reading the impalad.WARNING and/or impalad.ERROR files, which contain the subsets of messages indicating potential problems.)

On a machine named impala.example.com with default settings, you could view the Impala logs on that machine by using a browser to access http://impala.example.com:25000/logs.

You can view the contents of the impalad.INFO log file in the file system. With the default configuration settings, the start of the log file appears as follows:

[user@example impalad]$ pwd
/var/log/impalad
[user@example impalad]$ more impalad.INFO
Log file created at: 2013/01/07 08:42:12
Running on machine: impala.example.com
Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
I0107 08:42:12.292155 14876 daemon.cc:34] impalad version 0.4 RELEASE (build 9d7fadca0461ab40b9e9df8cdb47107ec6b27cff)
Built on Fri, 21 Dec 2012 12:55:19 PST
I0107 08:42:12.292484 14876 daemon.cc:35] Using hostname: impala.example.com
I0107 08:42:12.292706 14876 logging.cc:76] Flags (see also /varz are on debug webserver):
--dump_ir=false
--module_output=
--be_port=22000
--classpath=
--hostname=impala.example.com

The logs store information about Impala startup options. This information appears once for each time Impala is started and may include:

• Machine name.
• Impala version number.
• Flags used to start Impala.
• CPU information.
• The number of available disks.

There is information about each job Impala has run. Because each Impala job creates an additional set of data about queries, the amount of job specific data may be very large. Logs may contained detailed information on jobs. These detailed log entries may include:

• The composition of the query.
• The degree of data locality.
• Statistics on data throughput and response times.

Impala uses the GLOG system, which supports three logging levels. You can adjust logging levels by exporting variable settings. To change logging settings manually, use a command similar to the following on each node before starting impalad:

export GLOG_v=1

For more information on how to configure GLOG, including how to set variable logging levels for different system components, see documentation for the glog project on github.

Log redaction is a security feature that prevents sensitive information from being displayed in locations used by administrators for monitoring and troubleshooting, such as log files and the Impala debug web user interface. You configure regular expressions that match sensitive types of information processed by your system, such as credit card numbers or tax IDs, and literals matching these patterns are obfuscated wherever they would normally be recorded in log files or displayed in administration or debugging user interfaces.

In a security context, the log redaction feature is complementary to the Sentry authorization framework. Sentry prevents unauthorized users from being able to directly access table data. Redaction prevents administrators or support personnel from seeing the smaller amounts of sensitive or personally identifying information (PII) that might appear in queries issued by those authorized users.

See the documentation for your Apache Hadoop distribution for details about how to enable this feature and set up the regular expressions to detect and redact sensitive information within SQL statement text.