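Writing pound's access log in Apache format with syslog-ng and pound
When pound is doing the load balancing, the access logs end up scattered across the backends, so it is harder to see the whole picture than with a single web server. Even more so when pound is also dispatching to Rails apps and the like.
Pound configuration
The key is "LogLevel 3". Setting it to "4" gives the same format without the virtual host.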
    User "pound"
    Group "pound"
    Alive 60

    # Apache combined log format
    # sample.taslam.jp xxx.xxx.xxx.xxx - - [23/Apr/2008:16:52:42 +0900] "GET /path/index.html HTTP/1.1" 200 43 "http://sample.taslam.jp/index.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    LogLevel 3

    ListenHTTP
        Address 192.168.0.100
        Port 80
        Service
            BackEnd
                Address 192.168.0.101
                Port 80
                Timeout 300
            End
            BackEnd
                Address 192.168.0.102
                Port 80
                Timeout 300
            End
        End
    End
Syslog-ng configuration
Route the log lines emitted by pound to /var/log/pound.log, and keep extra strings (program name, date and so on) from being added to the lines written there.
    # Output file settings
    destination d_pound {
        file("/var/log/pound.log" template("$MSGONLY\n") template_escape(no) );
    };

    # Keep pound's lines out of /var/log/messages:
    # add "or program(pound)" to the clause after "not"
    filter f_filter2 {
        level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron) or program(pound));
    };

    # Filter that picks out the log lines emitted by pound
    filter f_filter9 { program(pound); };

    log { source(s_sys); filter(f_filter9); destination(d_pound); destination(d_loghost); };
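With the $MSGONLY template in place, each line of /var/log/pound.log is the virtual host followed by an Apache combined record, as in the sample line in the Pound configuration. The Python code below is an added example, not part of the original post: it parses that format, counts responses per virtual host and status, and keeps lines that do not fit (for instance ones still carrying a syslog header) instead of dropping them. The host rails.example.jp, the 192.0.2.x addresses and the function names are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Pound "LogLevel 3" line: virtual host, then Apache combined log format.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for one pound.log line, or None if it does not fit the format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # The request line is client-controlled; split it only when it has the usual 3 parts.
    parts = rec["request"].split(" ")
    rec["method"], rec["path"] = parts[:2] if len(parts) == 3 else (None, None)
    return rec

def summarize(lines):
    """Count responses per virtual host and status; keep lines that fail to parse."""
    per_vhost, rejected = {}, []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            per_vhost.setdefault(rec["vhost"], Counter())[rec["status"]] += 1
    return per_vhost, rejected

# Constructed sample input (made-up hosts and addresses); the last line still has a syslog header.
SAMPLE = [
    'sample.taslam.jp 192.0.2.10 - - [23/Apr/2008:16:52:42 +0900] "GET /path/index.html HTTP/1.1" 200 43 "http://sample.taslam.jp/index.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    'rails.example.jp 192.0.2.11 - - [23/Apr/2008:16:52:43 +0900] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/4.0"',
    'rails.example.jp 192.0.2.12 - - [23/Apr/2008:16:52:44 +0900] "GET /missing HTTP/1.1" 404 120 "-" "Mozilla/4.0"',
    'Apr 23 16:52:45 lb1 pound: sample.taslam.jp 192.0.2.10 - - [23/Apr/2008:16:52:45 +0900] "GET / HTTP/1.1" 200 43 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-empty rejected list on a real pound.log is a sign that the template is not being applied or that a request contained characters the pattern does not allow.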
Actual configuration example
    options {
        sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (yes);
        create_dirs (no);
        keep_hostname (yes);
    };

    source s_sys {
        file ("/proc/kmsg" log_prefix("kernel: "));
        unix-stream ("/dev/log");
        internal();
        # udp(ip(0.0.0.0) port(514));
    };

    destination d_cons { file("/dev/console"); };
    destination d_mesg { file("/var/log/messages"); };
    destination d_auth { file("/var/log/secure"); };
    destination d_mail { file("/var/log/maillog" sync(10)); };
    destination d_spol { file("/var/log/spooler"); };
    destination d_boot { file("/var/log/boot.log"); };
    destination d_cron { file("/var/log/cron"); };
    destination d_kern { file("/var/log/kern"); };
    destination d_mlal { usertty("*"); };
    destination d_pound {
        file("/var/log/pound.log" template("$MSGONLY\n") template_escape(no) );
    };

    # Log forwarding
    destination d_loghost { udp("xxx.xxx.xxx.xxx"); };

    filter f_filter1 { facility(kern); };
    filter f_filter2 {
        level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron) or program(pound));
    };
    filter f_filter3 { facility(authpriv); };
    filter f_filter4 { facility(mail); };
    filter f_filter5 { level(emerg); };
    filter f_filter6 { facility(uucp) or (facility(news) and level(crit..emerg)); };
    filter f_filter7 { facility(local7); };
    filter f_filter8 { facility(cron); };
    filter f_filter9 { program(pound); };

    log { source(s_sys); filter(f_filter1); destination(d_kern); destination(d_loghost); };
    log { source(s_sys); filter(f_filter2); destination(d_mesg); destination(d_loghost); };
    log { source(s_sys); filter(f_filter3); destination(d_auth); destination(d_loghost); };
    log { source(s_sys); filter(f_filter4); destination(d_mail); destination(d_loghost); };
    log { source(s_sys); filter(f_filter5); destination(d_mlal); destination(d_loghost); };
    log { source(s_sys); filter(f_filter6); destination(d_spol); destination(d_loghost); };
    log { source(s_sys); filter(f_filter7); destination(d_boot); destination(d_loghost); };
    log { source(s_sys); filter(f_filter8); destination(d_cron); destination(d_loghost); };
    log { source(s_sys); filter(f_filter9); destination(d_pound); destination(d_loghost); };
Log rotation
Just use logrotate.