Write Drupal logs to rsyslog instead of to dblog - developed.be

Instead of logging to the database, it could make more sense to log to the operating system.

Why?

Pro

  • The OS has already a great way of maintaining logs, so there isn’t really any need to have a separated database logging.
  • The options to maintain or report logs with the OS are much larger than the default Drupal database logging system.
  • Database logging eats away performance from your server, certainly when Drupal writes tons of logfiles each day.

Con

  • Any shared hosted website can’t use this option, because they have no access to the OS’ logsystem.
  • If your website is maintained by a so called “webmaster” or a “not so technically equipped person”, it may be easier to log to the database, because nontech persons would generally prefer to access the logs through the Drupal admin interface instead of using some dodgy Unix command. Of course, you could ask yourself if a nontech person is anything with the Drupal logs in the first place.

Syslog or rsyslog?

Logfiles in Linux are maintained by a program named syslog. However, the more recent program rsyslog, that can be seen as an extended version of syslog, is used nowadays.

Installation

1) Install syslog module in Drupal

To allow Drupal to log the syslog or rsyslog, you have to install the Drupal syslog module. Syslog is default included in the Drupal core.

2) Apart from that,  your OS should also have syslog or rsyslog installed.

  • Normally this is already installed.
  • Linux logfiles are located in /var/log/

3) Configure the Drupal module

Events in Linux have a prefix, like user. or mail. This way you know the origin of the log and it makes it easier to manage everything.

In /admin/settings/logging/syslog , you can select on of the following prefixes for your website:

  • local0
  • local1
  • local2
  • other localeX
  • LOG_USER (=Microsoft only)
 What to select?
  • If you log one site, it really doesn’t matter which one you choose.
  • If you have multiple sites running on the same machine, and you want each site to log to a different file, the selection does matter. Eg: site A logs to local0, site B logs to local1, etc.

4) configure r/syslog

In syslog you also need to set to which file local0 should log to.

In Syslog:

Open /etc/syslog.conf

add the line:

local0.* /var/log/drupal.log

In rsyslog:

Open /etc/rsyslog.d/50-default.conf

add the same line:

local0.* /var/log/drupal.log

This will log all local0 logs to /var/log/drupal.log

  • If you have selected local1 in the previous step, you have to replace “local0” by “local1″ in the configuration line. The same applies for any other localX-selection.
  • You can name your logfile different than “drupal.log”, in fact you can choose any name that hasn’t been taken yet.

5) Restart r/syslog

Now restart the program:

sudo service rsyslog --full-restart

or:

sudo service syslog --restart

6) Test it.

Run chron or cause an error (eg: 404) and see if /var/log/drupal.log has been created and gets filled.

If not, check if /var/log/messages gets filled with Drupal files. If so, recheck the configuration again and see if you made any mistakes.

7) disable dblog

At this point, Drupal will log to both the logsystem and the regular dblog.

You can simply disable the module “database logging” in /admin/configure/modules .

8 ) clear dblog

To avoid confusion, clear the table dblog in your database. That way, you won’t forget that the logs are not in dblog anymore.

sql:

DELETE FROM watchdog

9) Pimp your logs

The default log entry didn’t really satisfy my needs. For example: the timestamp is logged, which is a bit redundant, because syslog automatically saved the time. I also find the severity level important, and the actual log message should be put affront.

/**
 * Format a system log entry.
 *
 * @ingroup themeable
 */
function theme_syslog_format($entry) {
  global $base_url;
 
  //$message  = $base_url;
  $message .= $entry['severity'];
  $message .= '|'. strip_tags(is_null($entry['variables']) ? $entry['message'] : strtr($entry['message'], $entry['variables']));
  $message .= '|'. $entry['type'];
  $message .= '|'. $entry['user']->name . ' (' . $entry['user']->uid . ')';
  $message .= '|'. $entry['ip'];
  $message .= '|'. $entry['request_uri'];
  $message .= '|'. $entry['referer'];
  $message .= '|'. strip_tags($entry['link']);
 
  return $message;
}

9) GUI log file viewer

Linux has a program named “log file viewer”, it’s hidden in System > Administration > Log File Viewer.

You can add the Drupal log files by selecting “File” > “Add” > and select /var/log/drupal.log

The Log File Viewer will automatically refresh, so if there isn’t anything new visible in the viewer, there aren’t any new logs. If there are new logs, they will appear in bold.

Result

Drupal GUI Logfile Viewer

Drupal GUI Logfile Viewer


Rss Comments

4 comments

  1. Anyway to have different log files by message type from watchdog ?

    #1 tim
  2. Instead of 8) clear dblog I recommend uninstalling the dblog module. This removes the watchdog table completely.

    #2 Lars
  3. Good point, Lars.

    #3 Robin
  4. The name of the GUI tool is “System Log” (gnome-system-log) and can on Ubuntu system be installed via the Ubuntu Software Center

    #4 boris

Leave a comment