Getting Syslog, Pound and Mongrel to work with Awstats 1
Getting Syslog, Pound and Mongrel to work with Awstats
If you run the Ruby on Rails blog, Typo, it is likely you are using Mongrel as a cluster server and not Apache. Mongrel is easy – really easy. If you need 5 backend ruby servers, change 1 entry in the mongrel_cluster.yml file and restart.
Pound is a very simple load balancer written in perl. Many very busy websites use it. Slashdot for example gets 40M pages a day, all going through pound. Scalable? Check.
I’ll assume you already have syslog, awstats, pound, and typo/mongrel installed and simply want better logging. Explaining the nontrivial setup of these, sometimes complex, systems is not something handled in a blog. You’ll need to be root or have root editing via sudo to make this happen. A knowledge of manpages won’t hurt either.
So now you have two non-standard programs handling your web traffic, mogrel and pound. You’d like to get some normal website statistics about your users. By default, pound logs via syslog. We love syslog, but we don’t like that pound doesn’t use a separate file, by default. All your web traffic logs get intermixed with login, attempted hacks, disk failures and other system messages.
Below we’ll
- describe the syslog setup to trap pound messages and drop them into a new logfile – /var/log/pound.log
- setup the new logfile to be automatically created, should it disappear
- setup pound to write the the new pound.log file via syslog
- automatically perform log file rotation, in the normal way
- create a custom log_file_format so awstats gets all the data it can from the logs
- be certain that restarting pound gets syslog to bounce or restart too
Here are the changes specific to the logging changes. You should have other changes for your server/domain already in these files. Before starting, you probably want to run an
awstats.pl -config=domain.com -update
to capture the latest stats before you move them all into a new location.
/etc/awstats/awstats.domain.com.conf:
LogFile=“/var/log/pound.log”
LogFormat=“%time3 – - %host_r %host – - %time1 %methodurl %code %bytesd %refererquot %uaquot”
SkipHosts=“REGEX[^192\.168\.]”
/etc/syslog.conf
.;auth,authpriv.none,local0.none -/var/log/syslog
local0.* -/var/log/pound.log
See, local0 – local7 are approved syslog classes. They are meant to be used just like this. Syslog know about them, we need to be certain that pound will use local0 too. If your system is using local0, then select 1, 2, 3 … local7, which ever isn’t already in use.
/etc/pound/pound.cfg
LogFacility local0
LogLevel 3
You’ll need to have your Service, Redirect, and BackEnd stanzas too.
/etc/init.d/pound
if [ ! -e “/var/log/pound.log” ] ; then
log_warning_msg “Creating pound.log …”
touch /var/log/pound.log
chmod 0644 /var/log/pound.log
chown syslog.adm /var/log/pound.log
/etc/init.d/sysklogd reload > /dev/null
else
log_success_msg “pound.log was found”
/etc/init.d/sysklogd reload > /dev/null
fi
/etc/logrotate.d/pound
/var/log/pound.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 640 syslog adm
sharedscripts
postrotate
/etc/init.d/sysklogd reload > /dev/null
endscript
}
Good enough? Now just restart pound with
sudo /etc/init.d/pound restart
The next time your awstats is updated, you’ll see more and better stats. Note that we didn’t touch any of the old rrd data that awstats may have been able to parse.
This worked on an Ubuntu server 8.04 LTS running in a Xen virtual machine. There are other ways to do this and some settings can be changed without impacting whether this continues to work or not.
Obviously, your situation will be a little different and you’ll need to figure out which differences matter and which don’t. Did I miss something important or does anything need clarification? Use the comments or talkback to let me and other readers know, please.Trackbacks
Use the following link to trackback from your own site:
https://blog.jdpfu.com/trackbacks?article_id=331
Edited: Sorry, only English comments, please.