If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
This assumes OpenShift has been configured with an Operator to injest and store log data. This is typically done using Loki or Elastic Search.
There are a few different commands that can be used to view logs.
- oc logs command can be used to view for a particular resource, such as a pod, a service, a replica set, and so on
- oc node-logs command can be used to view node logs (this article)
I like to think of a "machine" as OpenShift representation of a Virtual Machine, such as an Amazon Web Services (AWS) EC2 Instance, or a VMWare Virtual Machine, and then a Node, and then the pods running on the node.
There are different types of nodes.
- compute
- edge
- infra
- master
- worker
The oc get nodes command will return the list of nodes.
~]$ oc get nodes
NAME STATUS ROLES AGE VERSION
my-node-edge-lm6wz Ready infra,worker 519d v1.23.5+012e945
my-node-edge-pmlls Ready infra,worker 519d v1.23.5+012e945
my-node-infra-c4v5h Ready infra,worker 519d v1.23.5+012e945
my-node-infra-mc8rc Ready infra,worker 519d v1.23.5+012e945
my-node-infra-p9cjv Ready infra,worker 519d v1.23.5+012e945
my-node-master-0 Ready master 522d v1.23.5+012e945
my-node-master-1 Ready master 522d v1.23.5+012e945
my-node-master-2 Ready master 522d v1.23.5+012e945
my-node-worker-lk5vm Ready compute,worker 61d v1.23.5+012e945
my-node-worker-pj4r4 Ready compute,worker 61d v1.23.5+012e945
When using the oc adm node-logs command you must include the --role option. The role will be the type of node, such as compute, edge, infra, master or worker. The --path option can be used to view what logs are available in each node (each master node in this example).
~]$ oc adm node-logs --role master --path=/
lab001-master-0 README
lab001-master-0 audit/
lab001-master-0 btmp
lab001-master-0 btmp-20250301
lab001-master-0 chrony/
lab001-master-0 containers/
lab001-master-0 crio/
lab001-master-0 etcd/
lab001-master-0 glusterfs/
lab001-master-0 journal/
lab001-master-0 kube-apiserver/
lab001-master-0 lastlog
lab001-master-0 oauth-apiserver/
lab001-master-0 oauth-server/
lab001-master-0 openshift-apiserver/
lab001-master-0 openvswitch/
lab001-master-0 ovn/
lab001-master-0 pods/
lab001-master-0 private/
lab001-master-0 qemu-ga/
lab001-master-0 samba/
lab001-master-0 sssd/
lab001-master-0 tallylog
lab001-master-0 vmware-network.1.log
lab001-master-0 vmware-network.2.log
lab001-master-0 vmware-network.3.log
lab001-master-0 vmware-network.4.log
lab001-master-0 vmware-network.5.log
lab001-master-0 vmware-network.6.log
lab001-master-0 vmware-network.7.log
lab001-master-0 vmware-network.log
lab001-master-0 vmware-vgauthsvc.log.0
lab001-master-0 vmware-vmsvc-root.1.log
lab001-master-0 vmware-vmsvc-root.10.log
lab001-master-0 vmware-vmsvc-root.2.log
lab001-master-0 vmware-vmsvc-root.3.log
lab001-master-0 vmware-vmsvc-root.4.log
lab001-master-0 vmware-vmsvc-root.5.log
lab001-master-0 vmware-vmsvc-root.6.log
lab001-master-0 vmware-vmsvc-root.7.log
lab001-master-0 vmware-vmsvc-root.8.log
lab001-master-0 vmware-vmsvc-root.9.log
lab001-master-0 vmware-vmsvc-root.log
lab001-master-0 vmware-vmtoolsd-root.log
lab001-master-0 wtmp
lab001-master-1 README
lab001-master-1 audit/
lab001-master-1 btmp
lab001-master-1 btmp-20250301
lab001-master-1 chrony/
lab001-master-1 containers/
lab001-master-1 crio/
lab001-master-1 etcd/
lab001-master-1 glusterfs/
lab001-master-1 journal/
lab001-master-1 kube-apiserver/
lab001-master-1 lastlog
lab001-master-1 oauth-apiserver/
lab001-master-1 oauth-server/
lab001-master-1 openshift-apiserver/
lab001-master-1 openvswitch/
lab001-master-1 ovn/
lab001-master-1 pods/
lab001-master-1 private/
lab001-master-1 qemu-ga/
lab001-master-1 samba/
lab001-master-1 sssd/
lab001-master-1 tallylog
lab001-master-1 vmware-network.1.log
lab001-master-1 vmware-network.2.log
lab001-master-1 vmware-network.3.log
lab001-master-1 vmware-network.4.log
lab001-master-1 vmware-network.5.log
lab001-master-1 vmware-network.6.log
lab001-master-1 vmware-network.7.log
lab001-master-1 vmware-network.log
lab001-master-1 vmware-vgauthsvc.log.0
lab001-master-1 vmware-vmsvc-root.1.log
lab001-master-1 vmware-vmsvc-root.10.log
lab001-master-1 vmware-vmsvc-root.2.log
lab001-master-1 vmware-vmsvc-root.3.log
lab001-master-1 vmware-vmsvc-root.4.log
lab001-master-1 vmware-vmsvc-root.5.log
lab001-master-1 vmware-vmsvc-root.6.log
lab001-master-1 vmware-vmsvc-root.7.log
lab001-master-1 vmware-vmsvc-root.8.log
lab001-master-1 vmware-vmsvc-root.9.log
lab001-master-1 vmware-vmsvc-root.log
lab001-master-1 vmware-vmtoolsd-root.log
lab001-master-1 wtmp
lab001-master-2 README
lab001-master-2 audit/
lab001-master-2 btmp
lab001-master-2 btmp-20250301
lab001-master-2 chrony/
lab001-master-2 containers/
lab001-master-2 crio/
lab001-master-2 etcd/
lab001-master-2 glusterfs/
lab001-master-2 journal/
lab001-master-2 kube-apiserver/
lab001-master-2 lastlog
lab001-master-2 oauth-apiserver/
lab001-master-2 oauth-server/
lab001-master-2 openshift-apiserver/
lab001-master-2 openvswitch/
lab001-master-2 ovn/
lab001-master-2 pods/
lab001-master-2 private/
lab001-master-2 qemu-ga/
lab001-master-2 samba/
lab001-master-2 sssd/
lab001-master-2 tallylog
lab001-master-2 vmware-network.1.log
lab001-master-2 vmware-network.2.log
lab001-master-2 vmware-network.3.log
lab001-master-2 vmware-network.4.log
lab001-master-2 vmware-network.5.log
lab001-master-2 vmware-network.6.log
lab001-master-2 vmware-network.7.log
lab001-master-2 vmware-network.8.log
lab001-master-2 vmware-network.9.log
lab001-master-2 vmware-network.log
lab001-master-2 vmware-vgauthsvc.log.0
lab001-master-2 vmware-vmsvc-root.1.log
lab001-master-2 vmware-vmsvc-root.10.log
lab001-master-2 vmware-vmsvc-root.2.log
lab001-master-2 vmware-vmsvc-root.3.log
lab001-master-2 vmware-vmsvc-root.4.log
lab001-master-2 vmware-vmsvc-root.5.log
lab001-master-2 vmware-vmsvc-root.6.log
lab001-master-2 vmware-vmsvc-root.7.log
lab001-master-2 vmware-vmsvc-root.8.log
lab001-master-2 vmware-vmsvc-root.9.log
lab001-master-2 vmware-vmsvc-root.log
lab001-master-2 vmware-vmtoolsd-root.log
lab001-master-2 wtmp
Notice in the above output that one of the directories listed is etcd. You can list the files/directories in each node (each master node in this example).
~]$ oc adm node-logs --role master --path=etcd
lab001-master-0 etcd-health-probe.log
lab001-master-1 etcd-health-probe.log
lab001-master-2 etcd-health-probe.log
Then you can view the log events in each node.
oc adm node-logs --role master --path=/etcd/etcd-health-probe.log
If you want to return logs for a particular unit in each node, such as kubelet or sssd, the -u or --unit option can be used.
oc adm node-logs --role master --unit=kubelet
You can tail the events in each node, such as the last 10 events in the log in each node.
oc adm node-logs --role master --unit=kubelet --tail=10
--path='journal' can be used to return events similar to the journalctl command. This is nice if you are looking for something particular in the logs since this should query all logs in each node.
oc adm node-logs --role worker --path='journal' --tail=10
This is often used in conjunction with --since and --until to only return log events in a certain time period.
oc adm node-logs --role worker --path='journal' --since '2025-03-11 01:24:15' --until '2025-03-11 01:24:20'
---grep can be used to filter the results using a regular expression. In this example only events containing DNS will be returned.
oc adm node-logs --role worker --path='journal' --grep 'dns'
The --boot option can be used to show messages from a specific boot. In this example, -1 means the prior boot.
oc adm node-logs --role worker --path='journal' --boot=-1
Did you find this article helpful?
If so, consider buying me a coffee over at 