Drupal 8 Syslog

 

You can specify a syslog server for sending syslog messages to the external servers by using the WebUI or the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions..

In the Old WebUI

Syslog is enabled in Drupal. And works perfectly fine logging to Unix server syslog file. However, on the IIS (which doesn't have Syslog) there are 0 messages landing in the EventLog where it should appear. What I tried so far: php.ini - errorlog = 'syslog' (that I found on multiple Drupal forum for windows config). Tail -f /var/log/drupal.log. UPDATE: OS X 10.8 Mountain Lion and OS X 10.9 Mavericks are slightly different: 1. Just like above, create the log file with. Sudo touch /var/log/drupal.log. Instead of adding a line to /etc/syslog.conf, add the following line to /etc/asl.conf: # Drupal logging? = Facility local3 file /var/log/drupal.log. Restart logging with. Drupal Answers is a question and answer site for Drupal developers and administrators. It only takes a minute to sign up. Sign up to join this community. Class DrupalsyslogTestsSyslogTest; Expanded class hierarchy of SyslogTest. Core/ modules/ syslog/ src/ Tests/ SyslogTest.php, line 12. Namespace DrupalsyslogTests. Class SyslogTest extends WebTestBase /. Modules to enable.

To configure a Syslog server and Syslog facility levels:

1. In the Instant main window, click the System link.

2. Click Show advanced options to display the advanced options.

3. Click the Monitoring tab.

4. In the Syslog server text box which is in the Servers section, enter the IP address of the server to which you want to send system logs.

The syslog source address is sent individually by the Instant APs in the cluster and never the virtual controller IP. Even the master Instant AP sends the syslog source address from its actual IP address.

5. Select the required values to configure syslog facility levels. Syslog Facility is an information field associated with a syslog message. It is an application or operating system component that generates a log message. The following seven facilities are supported by Syslog:

Ap-Debug—Detailed log about the Instant AP device.

Network—Log about change of network; for example, when a new Instant AP is added to a network.

Security—Log about network security; for example, when a client connects using wrong password.

System—Log about configuration and system status.

User—Important logs about client.

User-Debug—Detailed logs about client debugging.

Wireless—Log about radio.

The following table describes the logging levels in the Syslog drop-down list, in order of severity from the most severe to the least severe.

Table 1: Logging Levels

Logging Level

Description

Emergency

Panic conditions that occur when the system becomes unusable.

Alert

Any condition requiring immediate attention and correction.

Critical

Any critical conditions such as a hard drive error.

Errors

Error conditions.

Warning

Warning messages.

Notice

Significant events of a noncritical and normal nature. The default value for all Syslog facilities.

Information

Messages of general interest to system users.

Debug

Messages containing information useful for debugging.

6. Click OK.

In the New WebUI

To configure a Syslog server and Syslog facility levels:

1. Go to Configuration > System.

2. Click Show advanced options.

3. Expand Monitoring.

4. In the Syslog server text box which is in the Servers section, enter the IP address of the server to which you want to send system logs.

The syslog source address is sent individually by the Instant APs in the cluster and never the virtual controller IP. Even the master Instant AP sends the syslog source address from its actual IP address.

5. In the Syslog Facility Levels section, select the required values to configure syslog facility levels. Syslog Facility is an information field associated with a syslog message. It is an application or operating system component that generates a log message. The following seven facilities are supported by Syslog:

System—Log about configuration and system status.

Ap-Debug—Detailed log about the Instant AP device.

User—Important logs about client.

Network—Log about change of network; for example, when a new Instant AP is added to a network.

User-Debug—Detailed logs about client debugging.

Security—Log about network security; for example, when a client connects using wrong password.

Drupal

Wireless—Log about radio.

The following table describes the logging levels in the Syslog drop-down list, in order of severity from the most severe to the least severe.

Table 2: Logging Levels

Logging Level

Description

Emergency

Panic conditions that occur when the system becomes unusable.

Alert

Any condition requiring immediate attention and correction.

Critical

Any critical conditions such as a hard drive error.

Error

Error conditions.

Warning

Warning messages.

Notice

Significant events of a noncritical and normal nature. The default value for all Syslog facilities.

Info

Messages of general interest to system users.

Debug

Messages containing information useful for debugging.

6. Click Save.

In the CLI

To configure a syslog server:

(Instant AP)(config)# syslog-server <IP-address>

To configure syslog facility levels:

(Instant AP)(config)# syslog-level <logging-level>[ap-debug network security system user user-debug wireless]

To view syslog logging levels:

(Instant AP)# show syslog-level

Logging Level

-------------

Facility Level

-------- -----

ap-debug warn

network warn

security warn

system warn

user warn

user-debug warn

wireless error

Instead of logging to the database, it could make more sense to log to the operating system.

Why?

Pro

  • The OS has already a great way of maintaining logs, so there isn’t really any need to have a separated database logging.
  • The options to maintain or report logs with the OS are much larger than the default Drupal database logging system.
  • Database logging eats away performance from your server, certainly when Drupal writes tons of logfiles each day.

Con

  • Any shared hosted website can’t use this option, because they have no access to the OS’ logsystem.
  • If your website is maintained by a so called “webmaster” or a “not so technically equipped person”, it may be easier to log to the database, because nontech persons would generally prefer to access the logs through the Drupal admin interface instead of using some dodgy Unix command. Of course, you could ask yourself if a nontech person is anything with the Drupal logs in the first place.

Syslog or rsyslog?

Logfiles in Linux are maintained by a program named syslog. However, the more recent program rsyslog, that can be seen as an extended version of syslog, is used nowadays.

Installation

1) Install syslog module in Drupal

Drupal 8 System Requirements

To allow Drupal to log the syslog or rsyslog, you have to install the Drupal syslog module. Syslog is default included in the Drupal core.

2) Apart from that, your OS should also have syslog or rsyslog installed.

Drupal 8 System_retrieve_file

  • Normally this is already installed.
  • Linux logfiles are located in /var/log/

3) Configure the Drupal module

Events in Linux have a prefix, like user. or mail. This way you know the origin of the log and it makes it easier to manage everything.

In /admin/settings/logging/syslog , you can select on of the following prefixes for your website:

  • local0
  • local1
  • local2
  • other localeX
  • LOG_USER (=Microsoft only)
What to select?
  • If you log one site, it really doesn’t matter which one you choose.
  • If you have multiple sites running on the same machine, and you want each site to log to a different file, the selection does matter. Eg: site A logs to local0, site B logs to local1, etc.

4) configure r/syslog

In syslog you also need to set to which file local0 should log to.

In Syslog:

Open /etc/syslog.conf

add the line:

local0.* /var/log/drupal.log

In rsyslog:

Open /etc/rsyslog.d/50-default.conf

add the same line:

local0.* /var/log/drupal.log

This will log all local0 logs to /var/log/drupal.log

  • If you have selected local1 in the previous step, you have to replace “local0” by “local1″ in the configuration line. The same applies for any other localX-selection.
  • You can name your logfile different than “drupal.log”, in fact you can choose any name that hasn’t been taken yet.

5) Restart r/syslog

Now restart the program:

sudo service rsyslog --full-restart

or:

sudo service syslog --restart

6) Test it.

Run chron or cause an error (eg: 404) and see if /var/log/drupal.log has been created and gets filled.

If not, check if /var/log/messages gets filled with Drupal files. If so, recheck the configuration again and see if you made any mistakes.

7) disable dblog

At this point, Drupal will log to both the logsystem and the regular dblog.

You can simply disable the module “database logging” in /admin/configure/modules .

8 ) clear dblog

To avoid confusion, clear the table dblog in your database. That way, you won’t forget that the logs are not in dblog anymore.

sql:

DELETE FROM watchdog

9) Pimp your logs

The default log entry didn’t really satisfy my needs. For example: the timestamp is logged, which is a bit redundant, because syslog automatically saved the time. I also find the severity level important, and the actual log message should be put affront.

/**
* Format a system log entry.
*
* @ingroup themeable
*/
function theme_syslog_format($entry) {
global $base_url;

//$message = $base_url;
$message .= $entry['severity'];
$message .= ' '. strip_tags(is_null($entry['variables']) ? $entry['message'] : strtr($entry['message'], $entry['variables']));
$message .= ' '. $entry['type'];
$message .= ' '. $entry['user']->name . ' (' . $entry['user']->uid . ')';
$message .= ' '. $entry['ip'];
$message .= ' '. $entry['request_uri'];
$message .= ' '. $entry['referer'];
$message .= ' '. strip_tags($entry['link']);

return $message;
}

9) GUI log file viewer

Linux has a program named “log file viewer”, it’s hidden in System > Administration > Log File Viewer.

You can add the Drupal log files by selecting “File” > “Add” > and select /var/log/drupal.log

Drupal 8 Core Syslog

The Log File Viewer will automatically refresh, so if there isn’t anything new visible in the viewer, there aren’t any new logs. If there are new logs, they will appear in bold.

Result