CentOS And Logs
Hello,
may be anyone familiar with some tool for viewing logs. I mean web-interface based, simple solution.
I have developers, and I can’t give them access to my CentOS servers, but they want to see logs of Apache. I want to give them address like
172.17.17.21/logs and they will be able to watch logs of Apache in browser.
I was looking a lot for something like this, but didn’t find. Alex.
*UPD: *something very simple like phpMemcachedAdmin or familiar to this Thank you.
—
*בברכה, *
*אלכס ברבר*
*+9 72 54 285 952 3*
*www.linuxspace.org*
*–*
*Best regards.*
*Alex Berber*
*+9 72 54 285 952 3*
*www.linuxspace.org*
6 thoughts on - CentOS And Logs
you say ‘servers’: plural, which leads me to think you’re doing load balancing or otherwise have multiple servers which seems like another layer to consider for your puzzle.
I would consider something like splunk (or more likely one of the free alternatives) and a setup like:
(users) —public interface –> [webserver] -private interface –\
— for logs–>[splunk/log collector]<----(developers) and make sure there are acls/firewall rules in place to just allow your developers access (http logs may well include some data that you don’t want to get out to the public, like if someone implements a cgi as a get instead of a post but has sensitive data included)
We are using loganalyzer from the same people that do rsyslog.
developers have to have SOME level of access to the server, no?
otherwise how can they test their code?
I put the websites under development are in /home/appuser/public_html and the web logs for that vhost in /home/appuser/logs
and the appuser account is just an ordinary user, who can log on via ssh, and transfer files with rsync or sftp/scp
I have heard and seen great things about ELK: elasticsearch, logstash, and kibana. I saw it in action and it looked and behaved a lot like Splunk (and it’s all open, so no licensing issues like Splunk).
–keith
With splunk you get 500mb/day free. So you can collect logs with rsyslog, drop the stuff you don’t want to see ever and then forward the rest to splunk. This could help save on license issues.
You also have tools like greylog. It can be fed from logstash also and is very impressive. ELK, as Keith mentioned, is awesome.. as is a tool called ELSA. Lots of ways to look at logs via the web. the harder part is knowing what you are looking for, field extraction and correlation.
You could use NFS, exportfs the apache log directory to 127.0.0.1 only, make a directory somewhere accessible to the developers outside the root of the server and mount the apache log directory to that dir READONLY.
Alternatively you can change the log directory location in http.conf to somewhere the developers can access it but outside the root of the server. Since apache AND the developers must be able to access it this should be no problem.
Jobst