Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:config:centralized-syslog-or-splunk-logging [2015/07/30 18:26]
Michael Alegre created
+++ litespeed_wiki:config:centralized-syslog-or-splunk-logging [2025/06/03 18:29] (current)
Lisa Clarke Redirect to new Documentation Site
@@ Line 1: / Line 1: @@
-======  How to send LiteSpeed logs to a Syslog or Splunk logging server  ======
+~~REDIRECT>https://docs.litespeedtech.com/lsws/logging/#splunk~~
-The following script is helpful and can be easily customized to fit your environment to
-send  error/server logs from all litespeed web servers or load balancer instances to a centralized location: a central syslog server, or a splunk data gather.
-For this example, the logs are syslogged to a remote server without any alteration.
-===== A. Install Perl Modules ====
-Make sure to install the necessary Perl modules from CPAN.
-<code>
-perl -MCPAN -e "install File::Tail::Multi"
-prel -MCPAN -e "install Sys::Syslog"
-</code>
-===== B. Copy Script to Server ====
-Here is the Perl script. If you do not have Perl binary in /usr/bin/perl then modify the scripts first line.
-<code>
-#!/usr/bin/perl
-use strict;
-use File::Tail::Multi;
-use Sys::Syslog;
-#Put all the litespeed error/stderr/php error log files here
-my @log_files = ["/opt/lsws/logs/error.log","/opt/lsws/logs/stderr.log","/opt/lsws/logs/php.err"];
-#Create this file if it does not exist. Script will use this file to keep
-#a record of where it left off for each tailing file so it will never re-read old data.
-my $tail_checkpoint_file = "/tmp/perl_tail.lastrun";
-#Your syslog udp server. Make sure udp port 514 is open
-my $syslog_server = "127.0.0.1";
-#Let syslog use remote udp protocol
-Sys::Syslog::setlogsock("udp", $syslog_server);
-#Setting syslog message options. The firt param will prepend litespeed to all outgoing messages
-openlog("litespeed", 'nowait', 'local0');
-#Create the tail/watch instance.
-my $myTail = File::Tail::Multi->new(
-	Function => \&fn_read_lines,
-	LastRun_File => $tail_checkpoint_file,
-	Files => @log_files,
-	RemoveDuplicate => 1,
-);
-print("Log watcher running...\n");
-while(1) {
-	#Read lines from watched files if there are new lines to read
-	$myTail->read;
-	#for debug purpose
-	#$myTail->print;
-	#1 second is good for almost real-time without chewing up cpu
-	sleep 1;
-}
-#This function is called when there are new lines read
-sub fn_read_lines {
-	my $lines_ref = shift;
-	foreach ( @{$lines_ref} ) {
-		chomp; #removes new line
-		syslog("info",$_);
-	}
-}
-</code>
-===== C. Test Script ====
-To verify that the code is working. Run the scrip via command line.
-<code>
-perl watch.pl
-#or if you have executable bit set on the script
-./watch.pl
-</code>
-===== D. Run as daemon/in background ====
-To run it as a daemon/background process. Use nohup.
-<code>
-nohup perl watch.pl &
-</code>