13 Feb 2009

Remote Logging and simplest LogServer

I am not going to talk about Central Syslog Server or Syslog-ng.

There are situations where one would like make some logs remotely viewable (say, to some developer who is not allowed to the Remote Server).

You could use netcat. Something like this would work.

On the remote machine:

tail -f /some/log/file.log | nc Local-IP Port

On the Local machine:

nc -l -p Port

Netcat is a little 25K Swiss Army Knife that can be really useful.

But, once I had a different situation.

There were around 6 different application Servers (in a cluster - request could come to anyone) generating access Logs on each one. We wished to gather the access logs on a Central place (Machine) in real-time to process / analyze.

All of a sudden I remembered DJB's tcpserver and multilog.

I prepared a Central Log collection Server with a daemon tools run script something similar to as below:

#!/bin/sh
export PATH="/usr/local/bin:$PATH"
setuidgid remoteloguser tcpserver Ip-Addr-of-LogServer Listen-Port-on-Server multilog ./access_log

And on each of the individual log generating Servers I implemented something similar to:

multitail /var/log/local_access_log | tcpclient Ip-Addr-of-LogServer Listen-Port-on-Server sh -c "cat >&7"

of course you have to run this one in background. I had also used the multitail from qlogtools.

A more interesting solution could be socklog.

No comments:

Post a comment