— |
litespeed_wiki:config:centralized-syslog-or-splunk-logging [2015/07/30 18:26] (current) Michael Alegre created |
||
---|---|---|---|
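--- a/litespeed_wiki:config:centralized-syslog-or-splunk-logging
+++ b/litespeed_wiki:config:centralized-syslog-or-splunk-logging
@@ -0,0 +1,93 @@
+====== How to send LiteSpeed logs to a Syslog or Splunk logging server ======
+
+The following script is helpful and can be easily customized to fit your environment to
+send error/server logs from all litespeed web servers or load balancer instances to a centralized location: a central syslog server, or a splunk data gather.
+
+For this example, the logs are syslogged to a remote server without any alteration.
+
+===== A. Install Perl Modules ====
+
+Make sure to install the necessary Perl modules from CPAN.
+
+<code>
+perl -MCPAN -e "install File::Tail::Multi"
+prel -MCPAN -e "install Sys::Syslog"
+</code>
+
+===== B. Copy Script to Server ====
+
+Here is the Perl script. If you do not have Perl binary in /usr/bin/perl then modify the scripts first line.
+
+<code>
+#!/usr/bin/perl
+
+use strict;
+use File::Tail::Multi;
+use Sys::Syslog;
+
+#Put all the litespeed error/stderr/php error log files here
+my @log_files = ["/opt/lsws/logs/error.log","/opt/lsws/logs/stderr.log","/opt/lsws/logs/php.err"];
+
+#Create this file if it does not exist. Script will use this file to keep
+#a record of where it left off for each tailing file so it will never re-read old data.
+my $tail_checkpoint_file = "/tmp/perl_tail.lastrun";
+
+#Your syslog udp server. Make sure udp port 514 is open
+my $syslog_server = "127.0.0.1";
+
+#Let syslog use remote udp protocol
+Sys::Syslog::setlogsock("udp", $syslog_server);
+
+#Setting syslog message options. The firt param will prepend litespeed to all outgoing messages
+openlog("litespeed", 'nowait', 'local0');
+
+#Create the tail/watch instance.
+my $myTail = File::Tail::Multi->new(
+Function => \&fn_read_lines,
+LastRun_File => $tail_checkpoint_file,
+Files => @log_files,
+RemoveDuplicate => 1,
+);
+
+print("Log watcher running...\n");
+
+while(1) {
+#Read lines from watched files if there are new lines to read
+$myTail->read;
+
+#for debug purpose
+#$myTail->print;
+
+#1 second is good for almost real-time without chewing up cpu
+sleep 1;
+}
+
+#This function is called when there are new lines read
+sub fn_read_lines {
+my $lines_ref = shift;
+foreach ( @{$lines_ref} ) {
+chomp; #removes new line
+syslog("info",$_);
+}
+}
+
+</code>
+
+===== C. Test Script ====
+
+To verify that the code is working. Run the scrip via command line.
+
+<code>
+perl watch.pl
+
+#or if you have executable bit set on the script
+./watch.pl
+</code>
+
+===== D. Run as daemon/in background ====
+
+To run it as a daemon/background process. Use nohup.
+
+<code>
+nohup perl watch.pl &
+</code>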
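Review bot: In `fn_read_lines`, `syslog("info",$_);` passes each raw log line as the format argument, and Sys::Syslog treats that argument as a sprintf-style template (with `%m` expanding to the current error string). Error-log lines commonly carry request data containing `%` (URL-encoded paths, for instance), so messages can be altered or raise format warnings before they reach the central server, contrary to the page's "without any alteration" claim; forward the line as data with `syslog("info", "%s", $_);`. Separately, the checkpoint path `/tmp/perl_tail.lastrun` is a predictable name in a world-writable directory, so if the watcher runs with elevated privileges another local account could pre-create or replace that file and influence which lines are re-read or skipped; a directory writable only by the account running the script would be safer. The install block also has `prel` where `perl` is meant, and the script would benefit from `use warnings;` beside `use strict;`.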