Now that the new watchdog hook is in Drupal core, and slated for release with Drupal 6, we can do some neat tricks in syslog to route Drupal event messages.
This article details some examples of how syslog can be used with Drupal.
Under UNIX-like systems, the configuration for syslog should be in /etc/syslog.conf. By editing this file and adding the appropriate entries, we can control how Drupal messages are routed.
Here is an example where you have a live site and a test site on the same server, and want the messages from each to go to different files. The trick here is to set each site with a different facility, so the live site goes to LOCAL0 while the test site goes to LOCAL7.
# Drupal live site goes to /var/log/drupal-live
#
# By default, all messages go to the drupal log file
local0.* /var/log/drupal-live
# critical and higher go to the console
local0.crit /dev/console
# Info messages (info and higher, but below err) get logged to the drupal-live-info file
local0.info;local0.!err /var/log/drupal-live-info
# Alert and higher get written to the terminals of users root and admin
local0.alert root,admin
# Drupal development sites go to local7
local7.* /var/log/drupal-devel
# Test site debug messages go into their own file, to prevent clutter
# (=debug selects only that priority; a bare "debug" means debug and higher, i.e. everything)
local7.=debug /var/log/drupal-devel-debug
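A bare priority in a selector matches that priority and everything more severe, which makes it easy to misjudge where a given Drupal event ends up. The Python sketch below is an added example (not from the original article and not syslogd's own code) that models selector matching, assuming the `=` and `!` priority prefixes as documented for sysklogd, and lists which actions receive a message under the live/test rules above.

```python
# Added example: models sysklogd-style selector matching (not syslogd's own code).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Rules copied from the live/test example in the article.
RULES = """
local0.*                  /var/log/drupal-live
local0.crit               /dev/console
local0.info;local0.!err   /var/log/drupal-live-info
local0.alert              root,admin
local7.*                  /var/log/drupal-devel
"""

def selected(selector, facility):
    """Return the set of severity names a selector field accepts for facility."""
    mask = set()
    for item in selector.split(";"):          # later items refine earlier ones
        facs, _, prio = item.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        negate = prio.startswith("!")         # "!" removes instead of adds
        prio = prio.lstrip("!")
        exact = prio.startswith("=")          # "=" means this priority only
        prio = prio.lstrip("=")
        if prio == "none":                    # "none" clears the facility
            negate, chosen = True, set(SEVERITIES)
        elif prio == "*":
            chosen = set(SEVERITIES)
        else:
            idx = SEVERITIES.index(prio)      # bare priority: it and more severe
            chosen = {prio} if exact else set(SEVERITIES[: idx + 1])
        mask = mask - chosen if negate else mask | chosen
    return mask

def route(facility, severity, rules=RULES):
    """List every action that receives a facility.severity message."""
    actions = []
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if severity in selected(selector, facility):
            actions.append(action)
    return actions

if __name__ == "__main__":
    for sev in ("debug", "info", "warning", "err", "crit", "alert"):
        print(f"local0.{sev:8} -> {route('local0', sev)}")
```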
In a large setup with multiple servers, we want the messages from all servers to go to a central monitoring station.
# Everything to local1 goes to the monitoring server
local1.* @monitor1
Things can get more interesting when you also use named pipes to route the output to other programs.
Check your man page for syslog.conf for more information.
Comments
Dan Garthwaite (not verified)
rsyslog quick and dirty
Wed, 2010/10/20 - 22:38
Put the following in /etc/rsyslog.d/90-drupal
Andrei (not verified)
Tue, 2012/02/07 - 04:28
Or you can use blocks in that file
Toby (not verified)
Wed, 2015/12/16 - 15:54
I wanted both the local file and remote output, which looks like this:
if $programname == 'drupal' then /var/log/httpd24/drupal.log
if $programname == 'drupal' then @@loghost:514;SplunkForwardFormat
if $programname == 'drupal' then ~
The last part of line 2 is just an output format template.