Thursday, August 28, 2008

Slug and Syslog Server

One thing I miss about having the web server on the Slug, is having logfiles. Since it's running on a USB flash drive, I've turned off logging for everything so I don't kill the flash. I finally got around to setting it up to use a syslog server and pointed it at my HA box.

To do this, I edited /etc/syslog.conf on the Slug, setting DESTINATION to "remote" and REMOTE pointing to the HA server.

DESTINATION="remote" # log destinations (buffer file remote)
MARKINT=60 # interval between --mark-- entries [min]
REDUCE=no # reduced-size logging
BUFFERSIZE=64 # buffer: size of circular buffer [kByte]
LOGFILE= # file: where to log
REMOTE=aaa.bbb.ccc.ddd:514 # remote: where to log
FOREGROUND=no # run in foreground (don't use!)

In /etc/lighttpd.conf, I set up some conditionals for access logging:

$HTTP["url"] !~ "(\.css|\.js$)" {
$HTTP["remoteip"] != "aaa.bbb.ccc.0/24" {
accesslog.use-syslog = "enable"
}
}

Anything other than .css and .js files viewed from anywhere but my LAN will get logged. Cool.

Finally, I played around with few free syslog servers. None of them did what I wanted so I wrote my own in Perl. It's very simple so far and not very efficient with the logfile handling, but it works for now:

use warnings;

use IO::Socket;
use IO::Select;
use Sys::Hostname;

$port = 514;

$socket = IO::Socket::INET->new(
Proto => 'udp',
LocalPort => $port,
);
die "Could not create socket: $!\n" unless $socket;

print "syslog server\n";

while (defined($socket)) {
recv($socket,$msg,1500,0);
@msg=split(' ',$msg);

if ($msg[11] ne "") {
print "$msg[1] $msg[2] $msg[3] $msg[4] $msg[7] $msg[11]\n";
}
open(SYSLOG,">>./syslog.txt");
print SYSLOG "$msg\n";
close(SYSLOG);
}

close($socket);

No comments:

Post a Comment