如何在 Elastic Beanstalk 上设置 Loggly?
Posted
技术标签:
【中文标题】如何在 Elastic Beanstalk 上设置 Loggly?【英文标题】:How to set up Loggly on Elastic Beanstalk? 【发布时间】:2012-06-30 13:53:59 【问题描述】:我想将 Loggly 设置为在 AWS Elastic Beanstalk 上运行,但找不到有关如何执行此操作的任何信息。是否有任何指南,或有关如何开始的一般指南?
【问题讨论】:
是http API和选项吗? wiki.loggly.com/gettinglogsintologgly如果是这样我可以写更详细的描述 我正在寻找特定于 Elastic Beanstalk 的更详细设置。 Elastic bean stalk 仅适用于 war 文件,因此直接从您的代码进行调用的 Http API 可以在任何地方工作,包括 elastic beanstalk。由于您无法在 beanstalk 中访问您的机器,因此 syslog api 将不适合您。 @UsmanIsmail 你确实可以在 beanstalk 中访问你的机器,看看如何:docs.amazonwebservices.com/elasticbeanstalk/latest/dg/… 【参考方案1】:对于 papertrailapp.com(我更喜欢它而不是 loggly),我就是这样做的。在您的 /ebextensions 文件夹 (see more info) 中创建 logs.config,其中指定:
container_commands:
01-set-correct-hostname:
command: hostname www.example.com
02-forward-rsyslog-to-papertrail:
# https://papertrailapp.com/systems/setup
command: echo "*.* @logs.papertrailapp.com:55555" >> /etc/rsyslog.conf
03-enable-remote-logging:
command: echo -e "\$ModLoad imudp\n\$UDPServerRun 514\n\$ModLoad imtcp\n\$InputTCPServerRun 514\n\$EscapeControlCharactersOnReceive off" >> /etc/rsyslog.conf
04-restart-syslog:
command: service rsyslog restart
55555 应替换为 papertrailapp.com 提供的 UDP 端口号。每次新实例引导后,都会应用此配置。然后,在你的log4j.properties:
log4j.rootLogger=WARN, SYSLOG
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.facility=local1
log4j.appender.SYSLOG.header=true
log4j.appender.SYSLOG.syslogHost=localhost
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.ConversionPattern=[%p] %t %c: %m%n
我不确定这是否是最佳解决方案。在jcabi-beanstalk-maven-plugin中阅读有关此机制的更多信息
【讨论】:
似乎在 EC2 服务器上设置主机名不是一个好主意***.com/questions/603351/… 在 EC2 上使用此解决方案 - 我必须更改service rsyslog restart,它不适用于 /etc/init.d/rsyslog restart
似乎附加到 rsyslog.conf 有点问题 - 多次部署到同一组 beanstalk 提供的服务器(经常发生)会导致多个附加。但是,通常情况下,/etc/rsyslog.config 最后会有一个“$IncludeConfig /etc/rsyslog.d/*.conf” - 因此您可以使用 . ebextensions 文件。无论您是否部署到新服务器,这都有效。
+1 到 @scolestock 的评论。我从接受的答案中建议的配置开始,但最终只是在 /etc/rsyslog.d/ 中创建了一个新文件。【参考方案2】:
您也可以使用 loggly 本身的安装脚本。 下面的设置遵循https://www.loggly.com/docs/configure-syslog-script/ 上的旧版设置的说明,稍作更改(没有确认提示,sudo 命令被替换,因为没有 tty 可用)
(编辑:更新的链接,现在在 loggly 文档中似乎是一个过时的解决方案)
将以下脚本放在 .ebextensions/loggly.config 中
将 TOKEN 和 ACCOUNT 替换为您自己的。
#
# Install loggly.com on AWS Elastic Beanstalk
# Tested with node.js environment
# Save this file as .ebextensions/loggly.config
# Deploy per normal scripts or aws.push. To help debug the push, ssh & tail /var/log/cfn-init.log
# See Also /var/log/eb-tools.log
#
commands:
01_loggly_dl:
command: wget -q -O /tmp/loggly.py https://www.loggly.com/install/configure-syslog.py
02_loggly_config:
command: su --session-command="python /tmp/loggly.py setup --auth TOKEN --account ACCOUNT --yes"
【讨论】:
入侵 Loggly 的任何人都不能入侵您的服务器吗?运行这样的远程代码似乎不安全。【参考方案3】:这里是 loggly 支持站点的链接,用于将 syslogd 与 loggly 一起使用: http://wiki.loggly.com/loggingconfiguration
或在您自己的应用中使用 loggly api: http://wiki.loggly.com/apidocumention
【讨论】:
【参考方案4】:这是我刚刚开始使用的 Loggly 的 elasticbeanstalk 配置,感谢来自此线程的指针和日志记录 SaaS 供应商设置说明。 [Loggly Config Mgmt、Papertrail rsyslog]
将文件保存为 .ebextensions 目录中的 loggly.config 并确保检查 YAML 格式约定(无制表符等)。根据需要将您的 Loggly TCP 端口号、用户名、密码和域名替换为尖括号。
请注意,对于 AWS ruby 版本的 elasticbeanstalk,EC2 /etc/rsyslog 设置可能存在差异。例如,如果 /etc/rsyslog.d 已经存在,并且已经有一个“$IncludeConfig /etc/rsyslog.d/*.conf”指令,那么命令“01-forward-rsyslog-to-loggly:”可以是删除。
按照普通脚本或 aws.push 进行部署。为了帮助调试推送,ssh & tail /var/log/cfn-init.log
files:
"/etc/rsyslog.d/90-loggly.conf" :
mode: "000664"
owner: root
group: root
content: |
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
*.* @@logs.loggly.com:<yourportnum> # !!!Loggly supplied port number for each app!!!
# ### end of the forwarding rule ###
encoding: plain
"/tmp/loggly.py" :
mode: "000755"
owner: root
group: root
content: |
import json
import sys
import urllib2
'''
Auto-authenticate Syslog TCP inputs.
Usage: python inputs.py -u user -p pass -s subdomain
'''
state = None
params =
for i in range(len(sys.argv)):
arg = sys.argv[i]
if state:
params[state] = arg
state = None
if arg == '--username' or arg == '-u':
state = 'username'
if arg == '--password' or arg == '-p':
state = 'password'
if arg == '--subdomain' or arg == '-s':
state = 'subdomain'
url = 'https://%s.loggly.com/api/inputs' % params['subdomain']
password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
password_mgr.add_password(None, url, params['username'], params['password'])
handler = urllib2.HTTPBasicAuthHandler(password_mgr)
opener = urllib2.build_opener(handler)
opener.open(url)
urllib2.install_opener(opener)
inputs = json.loads(urllib2.urlopen(url).read())
for input in inputs:
if input['service']['name'] == 'syslogtcp':
url = 'https://%s.loggly.com/api/inputs/%d/adddevice' % \
(params['subdomain'], input['id'])
response = urllib2.urlopen(url, ).read()
print response
encoding: plain
commands:
01-forward-rsyslog-to-loggly:
# http://loggly.com/support/sending-data/logging-from/syslog/rsyslog/cd
command: test "$(grep -s '90-loggly.conf' /etc/rsyslog.conf)" == "" && echo -e "\n# Include the loggly.conf file\n\$IncludeConfig /etc/rsyslog.d/90-loggly.conf" >> /etc/rsyslog.conf
02-restart-syslog:
command: service rsyslog restart
03-inform_loggly:
command: "python /tmp/loggly.py -u <Yourloginname> -p <Yourpassword> -s <Yourdomainname>"
【讨论】:
【参考方案5】:通常,/etc/rsyslog.config 的末尾会有一个“$IncludeConfig /etc/rsyslog.d/*.conf” - 因此您可以使用 自己的 配置文件.ebextensions 文件的“文件:”部分。无论您是否部署到新服务器,这都有效。
对于 ruby production.log,您可能在 .ebextensions/01loggly.config 文件中有类似的内容。请注意,这也会将您的 beanstalk 环境名称作为 loggly 标记。
# For docs on eb configs, see http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html
# This set of commands sets up loggly forwarding
files:
"/etc/rsyslog.d/myapp-loggly.conf" :
mode: "000664"
owner: root
group: root
content: |
$template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [yourlogglyid@41058 tag=` "Ref" : "AWSEBEnvironmentName" `] %msg%\n"
*.* @@logs-01.loggly.com:514;LogglyFormat
# One time config
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# Add a tag for file events
# For production.log
$InputFileName /var/app/support/logs/production.log
$InputFileTag production-log
$InputFileStateFile stat-production-log #this must be unique for each file being polled
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Send to Loggly then discard
if $programname == 'myapp-production-log' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'myapp-production-log' then ~
encoding: plain
commands:
00-make-work-directory:
command: mkdir -p /var/spool/rsyslog
01-restart-syslog:
command: service rsyslog restart
对于 Tomcat,您可以在 .ebextesions/01logglyg.config 文件中执行类似的操作:
# For docs on eb configs, see http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html
# This set of commands sets up loggly forwarding
files:
"/etc/rsyslog.d/mytomcatapp-loggly.conf" :
mode: "000664"
owner: root
group: root
content: |
$template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [yourlogglygidhere@41058 tag=` "Ref" : "AWSEBEnvironmentName" `] %msg%\n"
*.* @@logs-01.loggly.com:514;LogglyFormat
# One time config
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# catalina.log
$InputFileName /var/log/tomcat7/catalina.log
$InputFileTag catalina-log
$InputFileStateFile stat-catalina-log
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
if $programname == 'catalina-log' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'catalina-log' then ~
# catalina.out
$InputFileName /var/log/tomcat7/catalina.out
$InputFileTag catalina-out
$InputFileStateFile stat-catalina-out
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
if $programname == 'catalina-out' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'catalina-out' then ~
# host-manager.log
$InputFileName /var/log/tomcat7/host-manager.log
$InputFileTag host-manager
$InputFileStateFile stat-host-manager
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
if $programname == 'host-manager' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'host-manager' then ~
# initd.log
$InputFileName /var/log/tomcat7/initd.log
$InputFileTag initd
$InputFileStateFile stat-initd
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
if $programname == 'initd' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'initd' then ~
# localhost.log
$InputFileName /var/log/tomcat7/localhost.log
$InputFileTag localhost-log
$InputFileStateFile stat-localhost-log
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
if $programname == 'localhost-log' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'localhost-log' then ~
# manager.log
$InputFileName /var/log/tomcat7/manager.log
$InputFileTag manager
$InputFileStateFile stat-manager
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
if $programname == 'manager' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'manager' then ~
encoding: plain
commands:
00-make-work-directory:
command: mkdir -p /var/spool/rsyslog
01-restart-syslog:
command: service rsyslog restart
这个配置对我有用 - 虽然我还没有确定如何让多行条目进入 Loggly 中的单个条目。
【讨论】:
归根结底,这种配置也不起作用。在亚马逊 linux 映像中按小时轮换后,它不会跟随 catalina.out。这有效:gist.github.com/troy/4710601【参考方案6】:我知道这是一个相当老的问题,但我发现答案确实没有回答问题,或者只是在实施时没有正常工作。我发现这可行(文件 .ebextenstions/02loggly.config):
container_commands:
01-transform-rsyslog.conf:
command: sed "s/NODE_ENV/$NODE_ENV/g" scripts/22-loggly.conf.temp > scripts/22-loggly.conf
02-setup-rsyslog.conf:
command: cp scripts/22-loggly.conf /etc/rsyslog.d/22-loggly.conf
03-restart:
command: /sbin/service rsyslog restart
“01-transform-rsyslog.conf”步骤是可选的;我用它在文件中通过 NODE_ENV 设置标签。 “22-loggly.conf.temp”是“22-loggly.conf”文件的修改版本,当您运行 linux 源设置脚本 (https://www.loggly.com/install/configure-syslog.py) 时,它会在“/etc/rsyslog.d/”中创建。我刚刚将它安装在一个 ec2 实例上并复制了文件。
请注意,我必须在我的服务命令前面加上“/sbin”,因为没有它我会失败。此外,这会在每次部署时重新启动系统日志,这应该没问题。
现在您只需确保您的应用程序记录到 syslog。对于 Java,它将是 log4j 或类似的。对于 Node.js(这是我正在使用的),rconsole 有效(https://github.com/tblobaum/rconsole)。
【讨论】:
【参考方案7】:我尝试过的所有方法似乎都不起作用,而且 loggly 文档非常混乱! 我希望这会对某人有所帮助,这就是我的工作方式。
将以下内容粘贴到 .ebextensions/loggly.config 中
files:
"/etc/rsyslog.conf" :
mode: "000644"
owner: root
group: root
content: |
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
# Input for FILE.LOG
$InputFileName /var/app/current/PATH_TO_YOUR_LOG_FILE
$InputFileTag social_php:
$InputFileStateFile stat-social_php #this must be unique for each file being polled
$InputFileSeverity info
$InputRunFileMonitor
#Add a tag for events from this file
$template LogglyFormatsocial_php,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"php_log\"] %msg%\n"
if $programname == 'social_php' then @@logs.loggly.com:37146;LogglyFormatsocial_php
if $programname == 'social_php' then ~
*.* @@logs.loggly.com:37146
commands:
01-restart-syslog:
command: service rsyslog restart
【讨论】:
【参考方案8】:按照我在 elasticbeanstalk 中的 loggly 配置。对于 Linux + log4j
关于 .ebextensions 文件配置
container_commands:
01_configure_sudo_access:
command: sed -i -- 's/ requiretty/ \!requiretty/g' /etc/sudoers
02_loggy_configure:
command: sudo python .ebextensions/scripts/loggly_config.py
03_restore_sudo_access:
command: sed -i -- 's/ \!requiretty/ requiretty/g' /etc/sudoers
用于默认 AMI 的 Python 中的 Loggly 脚本:
import os
rsyslog_path = '/etc/rsyslog.conf'
loggly_file_path = '/etc/rsyslog.d/22-loggly.conf'
class LogglyConfig:
def __init__(self):
self.__linux_log()
self.__config_loggly_for_log4j()
def __linux_log(self):
#not installed on this machine
if not os.path.exists(loggly_file_path):
os.system('rm -f configure-linux.sh')
os.system('wget https://www.loggly.com/install/configure-linux.sh')
os.system('sudo bash configure-linux.sh -a DOMAIN -t TOKEN -u USER -p PASSWORD -s')
def __config_loggly_for_log4j(self):
f = open(rsyslog_path,'r')
file_text = f.read()
f.close()
file_text = file_text.replace('#$ModLoad imudp', '$ModLoad imudp')
file_text = file_text.replace('#$UDPServerRun 514', '$UDPServerRun 514')
f = open(rsyslog_path,'w')
f.write(file_text)
f.close()
os.system('service rsyslog restart')
LogglyConfig()
在您的 java 项目的 log4j.properties 中
log4j.rootLogger=INFO, SYSLOG
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.SyslogHost=localhost
log4j.appender.SYSLOG.Facility=Local3
log4j.appender.SYSLOG.Header=true
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.ConversionPattern=java %dISO8601 %p %t %c1.%M - %m%n
【讨论】:
以上是关于如何在 Elastic Beanstalk 上设置 Loggly?的主要内容,如果未能解决你的问题,请参考以下文章
如何在 AWS Elastic Beanstalk 上设置 HTTPS
如何在 Elastic Beanstalk 上设置延迟作业时修复“需要”错误
在 Elastic Beanstalk 上设置 Docker 容器主机名
使用 Postgres 在 Elastic Beanstalk 上设置 Django