Dr. Ed Morbius
2011-Mar-24 20:23 UTC
[CentOS] Remote-logging nginx? (or other non-syslog-enabled stuff)
I'm looking for suggestions as to a good general method of remote-logging services such as nginx or anything else which doesn't support syslog natively.

I'm aware that there's an nginx patch, and we're evaluating this. It may be the way we fly.

However there are other tools which may not have a patch for which remote logging would be useful. If there's a general solution (something as naive as tailing local logs and firing these off on a regular basis).

I've heard rumors of a Perl script used for apache logs.

Also that rsyslog supports logging from local files to a remote syslog server, possibly. I'm RTFMing on that.

Thanks in advance.

--
Dr. Ed Morbius, Chief Scientist /            |
  Robot Wrangler / Staff Psychologist        | When you seek unlimited power
Krell Power Systems Unlimited                |                  Go to Krell!

Lamar Owen
2011-Mar-24 20:35 UTC
On Thursday, March 24, 2011 04:23:38 pm Dr. Ed Morbius wrote:
> I'm looking for suggestions as to a good general method of
> remote-logging services such as nginx or anything else which doesn't
> support syslog natively.

logger

It's part of util-linux, and should be on every CentOS box, unless something is bad wrong....

It can take its stdin and syslog to any loglevel and facility, and can do so over any socket.

Lamar Owen
2011-Mar-24 21:14 UTC
On Thursday, March 24, 2011 04:44:00 pm Dr. Ed Morbius wrote:
> on 16:35 Thu 24 Mar, Lamar Owen (lowen at pari.edu) wrote:
> > On Thursday, March 24, 2011 04:23:38 pm Dr. Ed Morbius wrote:
> > > I'm looking for suggestions as to a good general method of
> > > remote-logging services such as nginx or anything else which doesn't
> > > support syslog natively.
> >
> > logger
>
> I'm familiar with it.

Have you tried it? Prior to PostgreSQL supporting syslog I used it to pipe PostgreSQL output to syslog. Worked fine.

> So: as part of a robust production system solution, how would I, say,
> avoid retransmitting old log data?

Timestamps, good NTP setup, and log deduplication. Better to have retransmitted than to never have transmitted at all.

Or, in the specific case of nginx, use the syslog patch from Marlon de Boer. But nginx is not in the CentOS repos that I can see; logger is, however, and the general usage of logger in the CentOS context would be on-topic.

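An added example, not part of any poster's message: one way to feed a plain log file to logger without retransmitting old data, by remembering the file's inode and the byte offset already sent. The function name ship_new_lines, the state-file layout, the SEND_CMD override and the nginx-access tag are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. ship_new_lines, the state-file layout,
# the SEND_CMD override and the nginx-access tag are illustrative assumptions.

# Command that receives new lines on stdin; by default logger(1) hands them
# to the local syslog daemon, which is configured to forward them.
SEND_CMD=${SEND_CMD:-"logger -t nginx-access -p local5.info"}

# ship_new_lines LOGFILE STATEFILE
# STATEFILE holds "<inode> <bytes already sent>" from the previous run.
ship_new_lines() {
    log=$1; state=$2
    [ -r "$log" ] || return 1
    inode=$(ls -i "$log" | awk '{print $1}')
    size=$(wc -c < "$log" | tr -d ' ')
    old_inode=0; offset=0
    if [ -r "$state" ]; then read -r old_inode offset < "$state"; fi
    # New inode (rotation) or a smaller file (truncation): start at byte 0.
    if [ "$inode" != "$old_inode" ] || [ "$size" -lt "$offset" ]; then
        offset=0
    fi
    tmp=$(mktemp) || return 1
    # Copy the bytes after the saved offset, up to the size sampled above.
    tail -c +"$((offset + 1))" "$log" | head -c "$((size - offset))" > "$tmp"
    # A non-newline last byte is an unfinished line: hold it for the next run.
    if [ -n "$(tail -c 1 "$tmp")" ]; then
        sed '$d' "$tmp" > "$tmp.part" && mv "$tmp.part" "$tmp"
    fi
    sent=$(wc -c < "$tmp" | tr -d ' ')
    rc=0
    if [ "$sent" -gt 0 ]; then
        sh -c "$SEND_CMD" < "$tmp" || rc=1
    fi
    # Advance the offset only after the sender succeeded, so a failed run is
    # retried (possible duplicate) rather than skipped (lost lines).
    if [ "$rc" -eq 0 ]; then
        printf '%s %s\n' "$inode" "$((offset + sent))" > "$state.new" &&
            mv "$state.new" "$state"
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage from cron: script.sh /var/log/nginx/access.log /var/tmp/access.offset
if [ "$#" -eq 2 ]; then ship_new_lines "$1" "$2"; fi
```

Lines written to the old file between the last run and a rotation are not picked up by this approach, so the run interval should be short relative to the rotation schedule.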
Rajagopal Swaminathan
2011-Mar-25 01:54 UTC
Greetings,

On 3/25/11, Dr. Ed Morbius <dredmorbius at gmail.com> wrote:
> I'm looking for suggestions as to a good general method of
> remote-logging services such as nginx or anything else which doesn't
> support syslog natively.
>

Why not use a fine tuned apache instance instead for webserver?

Just a thought.

</ducking the bricks>

Regards,

Rajagopal

Ilyas --
2011-Mar-25 05:39 UTC
Hi!

I'm using the following method for remote logging and catch logs from many servers. Nginx writes logs into a fifo, which is created via the nginx init script:

    cat /etc/sysconfig/nginx
    ...
    # syslog-ng support for nginx
    # If the log path is not already a FIFO, remove whatever is there and create one.
    if [ ! -p /var/log/nginx/access.log ]; then
        /bin/rm -f /var/log/nginx/access.log
        /usr/bin/mkfifo --mode=0640 /var/log/nginx/access.log
    fi
    if [ ! -p /var/log/nginx/error.log ] ; then
        /bin/rm -f /var/log/nginx/error.log
        /usr/bin/mkfifo --mode=0640 /var/log/nginx/error.log
    fi
    /bin/chown nginx:root /var/log/nginx/access.log /var/log/nginx/error.log

Nginx just writes to the fifo as to a file. Nginx has nonblocking output to logs, and if nobody reads the fifo nginx doesn't stop on log writes.

From the other side, syslog-ng reads the pipe.

    cat /etc/syslog-ng/syslog-ng.conf
    ...
    # One source per FIFO; the prefix tags each line for the filters below.
    source s_nginx_20 { fifo ("/var/log/nginx/access.log" log_prefix("nginx-access-log: ")); };
    source s_nginx_21 { fifo ("/var/log/nginx/error.log" log_prefix("nginx-error-log: ")); };
    ...
    destination d_remote { tcp("remote.example.com", port(514)); };
    ...
    # nginx
    filter f_nginx_20 { match("nginx-access-log: "); };
    filter f_nginx_21 { match("nginx-error-log: "); };
    ...
    # nginx
    log { source(s_nginx_20); filter(f_nginx_20); destination(d_remote); };
    log { source(s_nginx_21); filter(f_nginx_21); destination(d_remote); };

To avoid syslog-ng problems on startup (e.g. if the fifo does not exist) the following solution is used:

    cat /etc/sysconfig/syslog-ng
    ...
    # syslog-ng support for nginx
    if [ ! -p /var/log/nginx/access.log ]; then
        /bin/rm -f /var/log/nginx/access.log
        /usr/bin/mkfifo --mode=0640 /var/log/nginx/access.log
    fi
    if [ ! -p /var/log/nginx/error.log ] ; then
        /bin/rm -f /var/log/nginx/error.log
        /usr/bin/mkfifo --mode=0640 /var/log/nginx/error.log
    fi
    /bin/chown nginx:root /var/log/nginx/access.log /var/log/nginx/error.log

On the remote side (remote.example.com):

    cat /etc/syslog-ng/syslog-ng.conf
    ...
    source s_net {
        udp(ip(0.0.0.0) port(514));
        tcp(ip(0.0.0.0) port(514) keep-alive(yes) max-connections(128));
    };
    ...
    filter f_nginx_20 { match("nginx-access-log: "); };
    filter f_nginx_21 { match("nginx-error-log: "); };
    ...
    destination d_nginx_20 { file("/var/log/nginx/access.log"); };
    destination d_nginx_21 { file("/var/log/nginx/error.log"); };
    ...
    log { source(s_sys); filter(f_nginx_20); destination(d_nginx_20); };
    log { source(s_sys); filter(f_nginx_21); destination(d_nginx_21); };

In the same way I catch logs from 20-30 servers to 1 server, approx. 300GB gzipped logs per day.

On Thu, Mar 24, 2011 at 11:23 PM, Dr. Ed Morbius <dredmorbius at gmail.com> wrote:
> I'm looking for suggestions as to a good general method of
> remote-logging services such as nginx or anything else which doesn't
> support syslog natively.
>
> I'm aware that there's an nginx patch, and we're evaluating this. It
> may be the way we fly.
>
> However there are other tools which may not have a patch for which
> remote logging would be useful. If there's a general solution (something
> as naive as tailing local logs and firing these off on a regular basis).
>
> I've heard rumors of a Perl script used for apache logs.
>
> Also that rsyslog supports logging from local files to a remote syslog
> server, possibly. I'm RTFMing on that.
>
> Thanks in advance.
>
> --
> Dr. Ed Morbius, Chief Scientist /            |
>   Robot Wrangler / Staff Psychologist        | When you seek unlimited power
> Krell Power Systems Unlimited                |                  Go to Krell!

--
Ilyas R. Khasyanov
Unix/Linux System Administrator
GPG Key ID: 6EC5EB27 (Changed since 2009-05-12)