<!-- keep this as a security measure:
   * Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup,Main.LCGAdminGroup
   * Set ALLOWTOPICRENAME = Main.TWikiAdminGroup,Main.LCGAdminGroup
#uncomment this if you want the page only be viewable by the internal people
#* Set ALLOWTOPICVIEW = Main.TWikiAdminGroup,Main.LCGAdminGroup,Main.ChippComputingBoardGroup
-->

---+ Syslog

%TOC%

The following is based around rsyslog but is applicable to syslog in general. The config examples use the "legacy" syntax of rsyslog version 5.x; newer versions are backwards compatible with this. Further details can be found in the man pages and online. The following is well documented but is listed here to improve awareness.

---++ Timestamps

ISO 8601 timestamps should be used whenever possible, as they provide timezone and sub-second precision. To enable this within rsyslog we need to make the following minor change.

<verbatim>
vim /etc/rsyslog.conf

# Use high precision timestamps
# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$ActionFileDefaultTemplate RSYSLOG_FileFormat
</verbatim>

---++ Using the logger command

When you need to write to a log file, please make use of the logger command. This ensures logs have uniform timestamps and can easily be forwarded to a central syslog server. When using logger, use the -t and -p flags to distinguish your program: -t denotes the application tag and -p is facility.severity, e.g.

<verbatim>
echo This is info | logger -t my_script -p local3.info
echo This is an error | logger -t my_script -p local3.err
</verbatim>

---++ Filtering logs

In the above example the log entries would end up in /var/log/messages. For ease of use, let's direct these entries to their own file. By default the rsyslog config sources the files in /etc/rsyslog.d/ that end in .conf, so we can drop files in there for filtering.
<verbatim>
vim /etc/rsyslog.d/my_script.conf

:programname, isequal, "my_script" /var/log/my_script.log
& ~
</verbatim>

The "& ~" line tells rsyslog to discard the message once it has been written, so no further rules process it. Without this, log entries would appear both in our custom log and in /var/log/messages.

---++ Logging from applications that don't use syslog

If you have an application that writes to its own log and does not provide an option to write to syslog, there are two workarounds that can be used.

Note: I have not been able to combine imfile and named pipes; if you find a solution please add the details here. When attempting to use both on CentOS 6.4 / rsyslog 5.8.10, echoing into the named pipe hung until I manually tailed the pipe; rsyslog did not seem to pick this up.

---+++ imfile rsyslog module

This is the simplest method: we simply tell rsyslog to watch a file and record its input to syslog. The only downside is that we end up with duplication of logs. Note that rsyslog by default checks the file every 10 seconds; this can be configured with $InputFilePollInterval if you wish (note: more frequent checking == higher system load).

<verbatim>
vim /etc/rsyslog.d/file.conf

$ModLoad imfile
$InputFileName /var/log/crappy.log
$InputFileTag foo
$InputFileStateFile stat-foo
$InputRunFileMonitor

# Our input file already has a timestamp and likely a PID / proc name.
# The below is a template to only log the message to the host syslog;
# this avoids having two timestamps.
$template drop,"%msg%\n"

# Let's be clever and filter this too; note we specify the template at the end
:programname, isequal, "foo" /var/log/not_so_crappy.log;drop
& ~
</verbatim>

---++++ remote only

If you don't need syslog logs on the local machine, we can just forward them and not store a duplicate locally.

<verbatim>
# @@ forwards over TCP (a single @ would use UDP)
:programname, isequal, "foo" @@syslog.host:514;drop
</verbatim>

---+++ named pipes

This is a more complex example but does not result in log duplication.
We can make a named pipe and direct our application to write its log output to it, as it can be treated like a file.

<verbatim>
# Make a named pipe and direct our non syslog application to log here
mkfifo /var/log/crummy.log

# Redirect from the named pipe into logger
tail -f /var/log/crummy.log | logger -t bar

# Filter to desired log file
vim /etc/rsyslog.d/crummy_log.conf

:programname, isequal, "bar" /var/log/not_so_crummy.log
& ~
</verbatim>

%ICON{todo}% Obviously this introduces another process (tail / logger) that needs to be running, so we really should daemonize it.

-- Main.GeorgeBrown - 2013-12-12
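For the "Using the logger command" section, a small wrapper that scripts can source so every call passes a tag and a checked facility.severity pair, and so each event stays on one line even if the message contains newlines or terminal control characters. This is an added example, not part of the original page; the function names valid_priority, clean_msg and log_event are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page); function names are illustrative.

# Succeed only for a facility.severity pair built from standard syslog names.
valid_priority() {
    case "$1" in
        *.*) ;;
        *) return 1 ;;
    esac
    case "${1%%.*}" in
        auth|authpriv|cron|daemon|lpr|mail|news|syslog|user|uucp|local[0-7]) ;;
        *) return 1 ;;
    esac
    case "${1#*.}" in
        emerg|alert|crit|err|warning|notice|info|debug) ;;
        *) return 1 ;;
    esac
}

# Print $1 with CR/LF turned into spaces and other control characters removed
# (tabs are kept), so one call always produces exactly one log line.
clean_msg() {
    printf '%s' "$1" | tr '\r\n' '  ' | tr -d '\000-\010\013\014\016-\037\177'
}

# Usage: log_event TAG FACILITY.SEVERITY MESSAGE
# Returns 2 without logging when the priority is not recognised.
log_event() {
    if ! valid_priority "$2"; then
        echo "log_event: invalid priority '$2'" >&2
        return 2
    fi
    logger -t "$1" -p "$2" -- "$(clean_msg "$3")"
}

# Example calls, matching the tag and facility used on this page:
#   log_event my_script local3.info "This is info"
#   log_event my_script local3.err  "This is an error"
```

Because the tag is what the :programname filters match on, keeping it fixed in one place also keeps the routing rules in /etc/rsyslog.d/ reliable.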
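For the "Timestamps" section, a check that can be run against a log file after switching to RSYSLOG_FileFormat to see how many lines carry the high-precision ISO 8601 prefix, how many still carry the traditional prefix, and how many carry neither (for example lines an application timestamped itself). This is an added example, not part of the original page; the function names, the host name wn01 and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page); names and sample lines are constructed.

# Prefix written by RSYSLOG_FileFormat, e.g. 2013-12-12T10:15:30.123456+01:00
ISO_RE='^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2}) '
# Prefix written by RSYSLOG_TraditionalFileFormat, e.g. "Dec 12 10:15:30"
OLD_RE='^[A-Z][a-z]{2} [ 0-9][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} '

# Print the number of lines in file $2 matching regex $1.
# grep exits 1 when the count is 0; that is not treated as an error.
count_matching() {
    grep -Ec -- "$1" "$2" || [ $? -eq 1 ]
}

# Print "iso=N legacy=N other=N" for the log file $1.
timestamp_report() {
    iso=$(count_matching "$ISO_RE" "$1")
    old=$(count_matching "$OLD_RE" "$1")
    total=$(grep -c '' "$1" || [ $? -eq 1 ])
    echo "iso=$iso legacy=$old other=$((total - iso - old))"
}

# Write a constructed four-line sample log to file $1.
write_sample() {
    cat > "$1" <<'EOF'
2013-12-12T10:15:30.123456+01:00 wn01 my_script: This is info
2013-12-12T10:15:31.000201+01:00 wn01 my_script: This is an error
Dec 12 10:15:32 wn01 foo: written before the template change
10:15:33 an application using its own timestamp format
EOF
}

# Example: timestamp_report /var/log/my_script.log
```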
Topic revision: r8 - 2014-02-12 - PabloFernandez
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.