papertrails quickstart

papertails-quickstart

https://papertrailapp.com/systems/setup

# sudo sh

# cd /etc

# wget https://papertrailapp.com/tools/syslog.papertrail.crt

# yum install rsyslog-gnutls

set hostname in /etc/rsyslog.conf

$LocalHostName my-web-node-name

#cat > /etc/rsyslog.d/papertrail.conf
$DefaultNetstreamDriverCAFile /etc/syslog.papertrail.crt # trust these CAs
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS
$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
*.*          @@logs.papertrailapp.com:18069

# /etc/init.d/rsyslog restart

# cat > /etc/httpd/conf.d/papertrail.conf

ErrorLog syslog:local1
CustomLog |/usr/local/bin/pipe_syslog combined
http://www.oreillynet.com/pub/a/sysadmin/2006/10/12/httpd-syslog.html

# cat > /usr/local/bin/pipe_syslog

#!/usr/bin/perl
    use Sys::Syslog qw( :DEFAULT setlogsock );
 
    setlogsock('unix');
    openlog('apache', 'cons', 'pid', 'local2');
 
    while ($log = <STDIN>) {
                syslog('notice', $log);
    }
    closelog
# chmod +x /usr/local/bin/pipe_syslog
also modify combined log format

# vi /etc/httpd/conf/httpd.conf

search for 'combined'

replace %h with %{X-Forwarded-For}i
# /usr/sbin/apachectl graceful