Wiki

Howto send LiteSpeed logs to a Syslog or Splunk logging server

The following script is helpful and can be easily customized to fit your environment to send error/server logs from all litespeed web servers or load balancer instances to a centralized location: a central syslog server, or a splunk data gather.

For this example, the logs are syslogged to a remote server without any alteration.

A. Install Perl Modules

Make sure to install the necessary Perl modules from CPAN.

perl -MCPAN -e "install File::Tail::Multi"
prel -MCPAN -e "install Sys::Syslog"

B. Copy Script to Server

Here is the Perl script. If you do not have Perl binary in /usr/bin/perl then modify the scripts first line.

#!/usr/bin/perl

use strict;
use File::Tail::Multi;
use Sys::Syslog;

#Put all the litespeed error/stderr/php error log files here
my @log_files = ["/opt/lsws/logs/error.log","/opt/lsws/logs/stderr.log","/opt/lsws/logs/php.err"];

#Create this file if it does not exist. Script will use this file to keep
#a record of where it left off for each tailing file so it will never re-read old data.
my $tail_checkpoint_file = "/tmp/perl_tail.lastrun";

#Your syslog udp server. Make sure udp port 514 is open
my $syslog_server = "127.0.0.1";

#Let syslog use remote udp protocol
Sys::Syslog::setlogsock("udp", $syslog_server);

#Setting syslog message options. The firt param will prepend litespeed to all outgoing messages
openlog("litespeed", 'nowait', 'local0');

#Create the tail/watch instance.
my $myTail = File::Tail::Multi->new( 
	Function => \&fn_read_lines,
	LastRun_File => $tail_checkpoint_file,
	Files => @log_files,
	RemoveDuplicate => 1,
);

print("Log watcher running...\n");

while(1) {
	#Read lines from watched files if there are new lines to read
	$myTail->read;
	
	#for debug purpose
	#$myTail->print;
	
	#1 second is good for almost real-time without chewing up cpu
	sleep 1;
}

#This function is called when there are new lines read
sub fn_read_lines {
	my $lines_ref = shift;   
	foreach ( @{$lines_ref} ) {
		chomp; #removes new line 
		syslog("info",$_);
	}
}

C. Test Script

To verify that the code is working. Run the scrip via command line.

perl watch.pl

#or if you have executable bit set on the script
./watch.pl

D. Run as daemon/in background

To run it as a daemon/background process. Use nohup.

nohup perl watch.pl & 
 
litespeed_wiki/logging_syslog_splunk_centralized.txt · Last modified: 2010/11/16 08:41 (external edit)