Examples on setting up syslog for Drupal

Now that the new watchdog hook is in Drupal core, and slated for release with Drupal 6, we can do some neat tricks in syslog to route Drupal event messages.

This article details some examples on how syslog can be used with Drupal.

Under UNIX like systems, the configuration for syslog should be in /etc/syslog.conf. By editing this file and adding the appropriate entries, we can control how Drupal messages are routed.

Here is an example where you have a live site and a test site on the same site, and want the messages from each to go to different files. The trick here is to set each site with a different facility, so the live site goes to LOCAL0 while the test site goes to LOCAL7.

# Drupal live site goes to /var/log/drupal-live
#
# By default, all messages goes to the drupal log file
local0.* /var/log/drupal-live
# critical and higher go to the console
local0.crit /dev/console
# Info messges get logged to the drupal-info file
local0.info;local0.!err /var/log/drupal-live-info
# Alert gets written to the terminals of root and user kbahey
local0.alert root,admin

# Drupal development sites goes to local7
local7.* /var/log/drupal-devel
# Test site debug messages go into their own file, to prevent clutter
local7.debug /var/log/drupal-devel-debug

In a large setup with multiple servers, we want the messages from all servers to go to a central monitoring stations.

# Everything to local1 goes to the monitoring server
local1.* @monitor1

Things can get more interesting when you also use named pipes to route the output to other programs.

Check your man page for syslog.conf for more information.

Contents: 

Comments

rsyslog quick and dirty

Put the following in /etc/rsyslog.d/90-drupal

# drupal syslog logging
if $programname == 'drupal' then /var/log/drupal.log
if $programname == 'drupal' then ~

Or you can use blocks in that

Or you can use blocks in that file

# drupal syslog logging
!drupal
*.* /var/log/drupal.log
*.* ~
!*

I wanted both the local file

I wanted both the local file and remote output, which looks like this:

if $programname == 'drupal' then /var/log/httpd24/drupal.log
if $programname == 'drupal' then @@loghost:514;SplunkForwardFormat
if $programname == 'drupal' then ~

The last of line 2 is just an output format template.