Created
February 26, 2012 04:06
-
-
Save twalling/1912861 to your computer and use it in GitHub Desktop.
Syslog proxy for Heroku log messages to make them work with Graylog2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # example message: | |
| # 197 <158>1 2011-11-28T19:00:34+00:00 d.b948a827-37d6-431e-9323-03e8ec503a35 heroku router - - GET graylog2.org/images/screenshots/04_t.png dyno=web.1 queue=0 wait=0ms service=4ms status=200 bytes=29494 | |
| require 'socket' | |
| require 'gelf' | |
| DEBUG = true | |
| LISTEN_PORT = 5514 | |
| LISTEN_ADDRESS = "127.0.0.1" | |
| GRAYLOG2_GELF_PORT = 12202 | |
| GRAYLOG2_HOST = "127.0.0.1" | |
| notifier = GELF::Notifier.new(GRAYLOG2_HOST, GRAYLOG2_GELF_PORT) | |
| def forward(what) | |
| notifier = GELF::Notifier.new(GRAYLOG2_HOST, GRAYLOG2_GELF_PORT) | |
| notifier.notify!(what) | |
| end | |
| def to_gelf(message) | |
| raise "message is nil" if message.nil? | |
| { | |
| :short_message => extract_message(message), | |
| :host => extract_host(message), | |
| :full_message => message, | |
| :_http_verb => extract_http_verb(message), | |
| :_http_return_code => extract_http_return_code(message) | |
| } | |
| end | |
| def extract_message(message) | |
| message.scan(/- -(.*)/)[0][0].strip rescue "could not be parsed" | |
| end | |
| def extract_host(message) | |
| "heroku" | |
| end | |
| def extract_http_verb(message) | |
| message.scan(/- -(.*)/)[0][0].split(' ')[0] rescue nil | |
| end | |
| def extract_http_return_code(message) | |
| message.scan(/- -(.*)/)[0][0].split(' ')[6].split('=')[1].to_i rescue nil | |
| end | |
| server = TCPServer.new(LISTEN_ADDRESS, LISTEN_PORT) | |
| loop do | |
| puts "Listening for connections" if DEBUG | |
| s = server.accept | |
| # Spawn the handling to a thread and continue listening to allow multiple Heroku syslog drains. | |
| Thread.new do | |
| puts "Spawned drain handler" if DEBUG | |
| begin | |
| while message = s.gets # Reads every line separated by \n | |
| puts "Received message: #{message}" if DEBUG | |
| forward(to_gelf(message)) | |
| end | |
| rescue => e | |
| puts e | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This works well, but be patient starting it up. I got this running on an EC2 Ubuntu 10.4 instance (RVM with Ruby 1.9.3-p194) but sometimes it took a minute or two before it started receiving requests.
For more info on getting the rest running, I found this helpful: http://blog.dean.io/2012/04/getting-started-with-graylog2-for-logging-updated-for-0-9-6/