Differences
This shows you the differences between two versions of the page.
| — |
litespeed_wiki:config:centralized-syslog-or-splunk-logging [2015/07/30 18:26] (current) Michael Alegre created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== How to send LiteSpeed logs to a Syslog or Splunk logging server ====== | ||
| + | |||
| + | The following script is helpful and can be easily customized to fit your environment to | ||
| + | send error/server logs from all litespeed web servers or load balancer instances to a centralized location: a central syslog server, or a splunk data gather. | ||
| + | |||
| + | For this example, the logs are syslogged to a remote server without any alteration. | ||
| + | |||
| + | ===== A. Install Perl Modules ==== | ||
| + | |||
| + | Make sure to install the necessary Perl modules from CPAN. | ||
| + | |||
| + | <code> | ||
| + | perl -MCPAN -e "install File::Tail::Multi" | ||
| + | prel -MCPAN -e "install Sys::Syslog" | ||
| + | </code> | ||
| + | |||
| + | ===== B. Copy Script to Server ==== | ||
| + | |||
| + | Here is the Perl script. If you do not have Perl binary in /usr/bin/perl then modify the scripts first line. | ||
| + | |||
| + | <code> | ||
| + | #!/usr/bin/perl | ||
| + | |||
| + | use strict; | ||
| + | use File::Tail::Multi; | ||
| + | use Sys::Syslog; | ||
| + | |||
| + | #Put all the litespeed error/stderr/php error log files here | ||
| + | my @log_files = ["/opt/lsws/logs/error.log","/opt/lsws/logs/stderr.log","/opt/lsws/logs/php.err"]; | ||
| + | |||
| + | #Create this file if it does not exist. Script will use this file to keep | ||
| + | #a record of where it left off for each tailing file so it will never re-read old data. | ||
| + | my $tail_checkpoint_file = "/tmp/perl_tail.lastrun"; | ||
| + | |||
| + | #Your syslog udp server. Make sure udp port 514 is open | ||
| + | my $syslog_server = "127.0.0.1"; | ||
| + | |||
| + | #Let syslog use remote udp protocol | ||
| + | Sys::Syslog::setlogsock("udp", $syslog_server); | ||
| + | |||
| + | #Setting syslog message options. The firt param will prepend litespeed to all outgoing messages | ||
| + | openlog("litespeed", 'nowait', 'local0'); | ||
| + | |||
| + | #Create the tail/watch instance. | ||
| + | my $myTail = File::Tail::Multi->new( | ||
| + | Function => \&fn_read_lines, | ||
| + | LastRun_File => $tail_checkpoint_file, | ||
| + | Files => @log_files, | ||
| + | RemoveDuplicate => 1, | ||
| + | ); | ||
| + | |||
| + | print("Log watcher running...\n"); | ||
| + | |||
| + | while(1) { | ||
| + | #Read lines from watched files if there are new lines to read | ||
| + | $myTail->read; | ||
| + | |||
| + | #for debug purpose | ||
| + | #$myTail->print; | ||
| + | |||
| + | #1 second is good for almost real-time without chewing up cpu | ||
| + | sleep 1; | ||
| + | } | ||
| + | |||
| + | #This function is called when there are new lines read | ||
| + | sub fn_read_lines { | ||
| + | my $lines_ref = shift; | ||
| + | foreach ( @{$lines_ref} ) { | ||
| + | chomp; #removes new line | ||
| + | syslog("info",$_); | ||
| + | } | ||
| + | } | ||
| + | |||
| + | </code> | ||
| + | |||
| + | ===== C. Test Script ==== | ||
| + | |||
| + | To verify that the code is working. Run the scrip via command line. | ||
| + | |||
| + | <code> | ||
| + | perl watch.pl | ||
| + | |||
| + | #or if you have executable bit set on the script | ||
| + | ./watch.pl | ||
| + | </code> | ||
| + | |||
| + | ===== D. Run as daemon/in background ==== | ||
| + | |||
| + | To run it as a daemon/background process. Use nohup. | ||
| + | |||
| + | <code> | ||
| + | nohup perl watch.pl & | ||
| + | </code> | ||