Syslog-ngとpoundでpoundのアクセスログをApache風に出力させる

poundでロードバランシングさせていると、Webサーバ1台で運営するのに比べ、アクセスログが分散して全体を把握しにくい。Railsアプリなんかの振り分けもしてると余計に。

Poundの設定

「LogLevel 3」がミソ。「4」にするとバーチャルホストのないタイプになる。

# Account and group the pound process runs as.
User "pound"
Group "pound"
# Seconds between checks for back-ends that have come back to life.
Alive 60
# Apache combined log format, prefixed with the virtual host (LogLevel 3).
# LogLevel 4 is the same layout without the virtual host column.
# Example line:
# sample.taslam.jp xxx.xxx.xxx.xxx - - [23/Apr/2008:16:52:42 +0900] "GET /path/index.html HTTP/1.1" 200 43 "http://sample.taslam.jp/index.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
# NOTE(review): the request line, Referer and User-Agent in that layout are
# copied from the client's request, so whatever parses or displays this log
# has to treat those fields as untrusted input.
LogLevel 3

# Front-end listener: plain HTTP on 192.168.0.100:80.
ListenHTTP
        Address 192.168.0.100
        Port 80

        # One service balancing across two back-ends; Timeout is the number of
        # seconds pound waits for a back-end to answer.
        Service
                BackEnd
                        Address 192.168.0.101
                        Port 80
                        Timeout 300
                End
                BackEnd
                        Address 192.168.0.102
                        Port 80
                        Timeout 300
                End
        End
End

Syslog-ngの設定

poundの吐いたログを/var/log/pound.logに振り分けて、さらに出力するログに余計な文字列(プログラム名とか日付とか)をつけないようにする。日時はpound自身がApache形式の行の中に出力するので、syslog側のヘッダを落としても情報は失われない。

# Output file definition.
# $MSGONLY writes only the message text, so the syslog date/host/program
# header is dropped and each line is exactly what pound emitted.
# template_escape(no) writes that text verbatim, with no quote escaping.
# NOTE(review): the lines carry client-supplied strings (URL, Referer,
# User-Agent); treat the file as untrusted input in any parser or report.
# NOTE(review): access logs can hold sensitive URLs; file() also accepts
# owner(), group() and perm() if the defaults are too permissive - confirm.
destination d_pound {
        file("/var/log/pound.log"
                template("$MSGONLY\n")
                template_escape(no)
        );
};

# Keep pound's lines out of /var/log/messages:
# append "or program(pound)" to the not(...) clause of the general filter.
# The filter passes info..emerg messages unless they come from the mail,
# authpriv or cron facilities or from a program matching "pound".
filter f_filter2   { level(info..emerg) and
                     not (facility(mail)
                       or facility(authpriv)
                       or facility(cron)
                       or program(pound)); };

# Filter that selects the messages emitted by pound.
# NOTE(review): program() matches a regular expression against the program
# name, and the pattern here is unanchored, so any name containing "pound"
# matches; consider anchoring it (^pound$) after checking how pound tags its
# messages on this host.
# NOTE(review): the program name is supplied by whoever writes to the syslog
# socket, so the resulting file is not proof that a line came from pound.
filter f_filter9   { program(pound); };

# Route pound's messages from s_sys to the local access log and to the remote
# log host. d_loghost is not defined in this excerpt; it must exist elsewhere
# in the configuration.
log { source(s_sys); filter(f_filter9); destination(d_pound); destination(d_loghost);};

実際の設定例

# Global syslog-ng options.
options {
        # Write every line immediately instead of buffering.
        sync (0);
        # Seconds to wait before re-opening a broken connection.
        time_reopen (10);
        # Number of lines the output queue can hold.
        log_fifo_size (1000);
        long_hostnames (off);
        # No DNS lookups for sender addresses.
        use_dns (no);
        use_fqdn (yes);
        # Destination directories must already exist; they are not created.
        create_dirs (no);
        # Keep the hostname found in the message as-is.
        # NOTE(review): harmless while only local sources are enabled, but if a
        # network source is turned on the hostname becomes sender-claimed.
        keep_hostname (yes);
};

# Local message sources: kernel messages, the /dev/log socket and syslog-ng's
# own internal messages.
source s_sys {
        # Kernel messages, each prefixed with "kernel: ".
        file ("/proc/kmsg" log_prefix("kernel: "));
        unix-stream ("/dev/log");
        internal();
        # Network listener, disabled. NOTE(review): enabling it on 0.0.0.0
        # accepts unauthenticated syslog from any host that can reach port 514;
        # bind to a specific address and firewall it if it is ever needed.
        # udp(ip(0.0.0.0) port(514));
};

# Local destinations, one per log file.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
# Mail log is flushed every 10 lines rather than on every line.
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
# Writes to the terminal of every logged-in user.
destination d_mlal { usertty("*"); };
# pound access log: message text only ($MSGONLY), written verbatim.
# NOTE(review): the lines contain client-supplied strings; treat the file as
# untrusted input when parsing it.
destination d_pound {
        file("/var/log/pound.log"
                template("$MSGONLY\n")
                template_escape(no)
        );
};

# Log forwarding to a central log host ("xxx.xxx.xxx.xxx" is a placeholder).
# NOTE(review): udp() sends messages unencrypted, without delivery guarantee
# and without sender authentication. Use it only on a trusted network segment,
# or switch to tcp() (newer syslog-ng releases also offer TLS - confirm for the
# installed version).
destination d_loghost { udp("xxx.xxx.xxx.xxx"); };

# Filters, one per destination file.
# f_filter1: kernel facility.
filter f_filter1   { facility(kern); };
# f_filter2: general messages (info..emerg) except mail, authpriv, cron and
# anything whose program name matches "pound".
filter f_filter2   { level(info..emerg) and
                     not (facility(mail)
                       or facility(authpriv)
                       or facility(cron)
                       or program(pound)); };
# f_filter3: authentication messages.
filter f_filter3   { facility(authpriv); };
# f_filter4: mail facility.
filter f_filter4   { facility(mail); };
# f_filter5: emergency-level messages from any facility.
filter f_filter5   { level(emerg); };
# f_filter6: all uucp messages, plus news messages at crit or above.
filter f_filter6   { facility(uucp) or
                     (facility(news)
                       and level(crit..emerg)); };
# f_filter7: local7 facility.
filter f_filter7   { facility(local7); };
# f_filter8: cron facility.
filter f_filter8   { facility(cron); };
# f_filter9: messages whose program name matches "pound".
# NOTE(review): the pattern is an unanchored regular expression and the
# program name is set by the sender, so this selects by claimed name only.
filter f_filter9   { program(pound); };

# Log paths: each filter feeds its local file and is also forwarded to
# d_loghost.
# NOTE(review): that includes authpriv (d_auth) and the pound access log, so
# the transport configured for d_loghost decides whether this data crosses the
# network in clear text.
log { source(s_sys); filter(f_filter1); destination(d_kern); destination(d_loghost); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); destination(d_loghost); };
log { source(s_sys); filter(f_filter3); destination(d_auth); destination(d_loghost); };
log { source(s_sys); filter(f_filter4); destination(d_mail); destination(d_loghost); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); destination(d_loghost); };
log { source(s_sys); filter(f_filter6); destination(d_spol); destination(d_loghost); };
log { source(s_sys); filter(f_filter7); destination(d_boot); destination(d_loghost); };
log { source(s_sys); filter(f_filter8); destination(d_cron); destination(d_loghost); };
log { source(s_sys); filter(f_filter9); destination(d_pound); destination(d_loghost); };

ログの切り替え

logrotateでやればよし。ローテート後はsyslog-ngにログファイルを開き直させる(postrotateでHUPを送るなど)のを忘れずに。そうしないとローテート済みのファイルに書き続けてしまう。