Using Syslog with Foreman » History » Revision 2
Revision 1 (Johan Sunnerstig, 08/12/2014 02:56 AM) → Revision 2/5 (Johan Sunnerstig, 08/12/2014 02:56 AM)
h1. Using Syslog with Foreman
Foreman does not natively support syslog, but you can use the 'imfile' module for Rsyslog to forward the production log from the Foreman server to your centralized log server.
If you're running Debian or RHEL >= 6 you already have Rsyslog and imfile so you're good to go.
Begin by configuring Rsyslog, either add the snippet below straight to rsyslog.conf or make sure rsyslog.conf has a statement like this: '$IncludeConfig /etc/rsyslog.d/*.conf' and add the snippet to f.ex '/etc/rsyslog.d/foreman.conf'.
<pre>
$ModLoad imfile
$InputFileName /var/log/foreman/production.log
$InputFileTag foreman
$InputFileStateFile rsyslog-foreman-state
$InputFileSeverity info
$InputFileFacility local1
$InputRunFileMonitor
local1.* @your.syslog.server
</pre>
Change the specifics according to your needs. One @-symbol before the server name signifies a UDP transport and two @-symbols means TCP transport.
You're now nearly ready to go, when you restart rsyslog it will begin tracking the production.log and forwarding it to your syslog server, however you will need to configure logrotate as well.
Edit the file '/etc/logrotate.d/foreman' and add a post-rotate statement like so:
<pre>
# Foreman logs:
/var/log/foreman/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
copytruncate
# The
* post-rotate statment begins on the line below...
post-rotate
service rsyslog stop
rm /var/spool/rsyslog/rsyslog-foreman-state
service rsyslog start
endscript
# ...and end here. endscript*
}
</pre>
This is due to the 'copytruncate' statement, this causes logrotate to do pretty much what it says, copy the log file and then truncate it in place, which means rsyslog will not notice the rotation since the inode number doesn't change, thus you will lose the forwarding as soon as a rotation takes place.
You should be all set by now.