Pre-massage/route log messages before sending them to Splunk/Papertrail/Logsene etc.
Installation
npm install hubot-syslogd
Overridable Environment variables
- SYSLOG_HOST=127.0.0.1
- SYSLOG_UDP_PORT=1338
- SYSLOG_TCP_PORT=1337
Usage:
First tell hubot which regex to watch by typing to hubot:
hubot syslog add errors /(error|fail)/gi
Then invite hubot to a channel, or add him to a private chat, and type this:
hubot syslog enable errors
and then send a UDP+TCP syslog message using a PHP / JS syslog client, or on unix:
$ logger -d --rfc3164 -n localhost -P 1338 -p local3.info hello this is an error
$ logger -T --rfc3164 -n localhost -P 1339 -p local3.info hello this is an error
Voila! It'll show up in the chat since it matched the regex :)
[15:29] <hubot> errors: hello this is an error
See syslog-middleware on how to send syslog using nodejs winston, or simply forward your console using sysconsole:
import { SysConsole } from '@divine/sysconsole';
SysConsole.replaceConsole({ loghost: 'localhost', logport:1339, facility: 'local0', title: 'MySweetApp', showFile: true, syslogTags: true, showFunc:true, highestLevel: 'info', tcpTimeout:1000 })
console.log("hoi error")
console.warn("hoi error") Email alerts anyone?
just get a papertrail account and forward 'errors' to papertrail/Splunk etc, by sending this to hubot:
hubot syslog config filter.errors.forward.0 udp://yourhost.papertrailapp.com:yourport
And configure alerts in their dashboards.
sending JSON / Text formatting
$ logger -d -P 1338 -i -p local3.info -t FLOP 'foobar {{indent:10:priority}}::ok'
$ logger -d -P 1338 -i -p local3.info -t FLOP '{"flop":"flap","template":"foobar {{indent:10:flop}}::{{indent:10:priority}} errors"}'
will produce nice-aligned output in the chat:
[15:29] <hubot> errors: foobar 158 ::ok
[15:29] <hubot> errors: foobar flap ::159 error
This allows more readable logs, and/or pretty forwarded messages (to papertrail/slack/splunk etc)
See syslogd-middleware for more templating options
All commands:
hubot syslog - get overview of filters hubot syslog config [variable] [value] - show/edit filter config hubot syslog add [regex] - add filter hubot syslog remove - stop and remove a filter hubot syslog enable - start monitoring in current channel/query hubot syslog disable - stop monitoring in current channel/query
Forward messages / Backup / Files
Additionaly you could forward the logmessages to:
- a rsyslog unix daemons (which can save to files, including logrotate etc)
- a SaaS logservices (splunk/papertrail etc)
Just add their syslog-serverinfo like this:
hubot syslog config filter.errors.forward.0 udp://localhost:514
hubot syslog config filter.errors.forward.1 tcp://someserver:567
Quick tryout
This plugin should work out of the box with your existing setup. However, here's a quick tryout scenario:
$ npm install hubot-syslogd
$ cd node_modules/hubot-syslogd
$ npm install --dev
$ ONLINE=1 test/test.bash
This is just a testbot which should connect to the #hubot-syslog channel of irc.freenode.net.
Philosphy: a syslogd replacement
(NG-/R)Syslog is great, but its configuration can become herculean quite fast.
Hubot-syslog uses syslog-middleware, therefore it is highly extendable, syslog-compatible UDP/TCP loggingdaemon with use()-middleware support (like express).
robot.logserver is your entrypoint to the syslogd-middleware module
reuiqre('mymodule')(robot.logserver) // add inputs
robot.logserver.use(...) // add middleware/parsers
robot.logserver.output.push (..) // add outputs
for more info see the syslog.coffee initialisation in the top