Configure AWS Elastic Beanstalk syslog to poll nginx logs (in order to send them to loggly)
#
# configure rsyslogd to include logfiles from nginx/apache
# needs 010_loggly.config
# Save this file as .ebextensions/015_nginx-loggly.config
# replace TOKEN
# Deploy per normal scripts or aws.push. To help debug the push, ssh & tail /var/log/cfn-init.log
# See Also /var/log/eb-tools.log
#
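# Writes an rsyslog drop-in that tails the nginx access and error logs with
# imfile and forwards them to Loggly, creates the rsyslog work directory, and
# keeps rsyslog running.
files:
  # NOTE(review): TOKEN is the Loggly customer token. Substituting it here puts
  # it in the application source bundle, and mode 000644 leaves the rendered
  # file world-readable on the instance. Consider keeping the real value out
  # of version control.
  "/etc/rsyslog.d/21-nginx-loggly.conf":
    mode: "000644"
    owner: root
    group: root
    # NOTE(review): "@@host:514" is rsyslog's plain-TCP forwarding syntax, so
    # the log lines (client IPs, request URIs and any query-string secrets)
    # and the token leave the instance unencrypted unless TLS is set up
    # elsewhere, e.g. in 010_loggly.config, which is not shown here. Loggly
    # documents a TLS syslog endpoint (port 6514; verify against current
    # Loggly docs) and it is preferable where available.
    # The "then ~" rules discard each message after forwarding, so it gets no
    # further processing by later rsyslog rules.
    content: |
      $ModLoad imfile
      $InputFilePollInterval 10
      $PrivDropToGroup adm
      $WorkDirectory /var/spool/rsyslog
      # nginx access file:
      $InputFileName /var/log/nginx/access.log
      $InputFileTag nginx-access:
      $InputFileStateFile stat-nginx-access
      $InputFileSeverity info
      $InputFilePersistStateInterval 20000
      $InputRunFileMonitor
      #nginx Error file:
      $InputFileName /var/log/nginx/error.log
      $InputFileTag nginx-error:
      $InputFileStateFile stat-nginx-error
      $InputFileSeverity error
      $InputFilePersistStateInterval 20000
      $InputRunFileMonitor
      #Add a tag for nginx events
      $template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"nginx\"] %msg%\n"
      if $programname == 'nginx-access' then @@logs-01.loggly.com:514;LogglyFormat
      if $programname == 'nginx-access' then ~
      if $programname == 'nginx-error' then @@logs-01.loggly.com:514;LogglyFormat
      if $programname == 'nginx-error' then ~

commands:
  # Creates the directory named by $WorkDirectory above, where imfile keeps
  # its state files.
  # NOTE(review): ignoreErrors hides a failed mkdir; if log shipping does not
  # start, check /var/log/cfn-init.log for this command.
  010_create_rsyslog_folder:
    command: 'su --session-command="mkdir -p /var/spool/rsyslog"'
    ignoreErrors: true

services:
  sysvinit:
    rsyslog:
      ensureRunning: true
      # Restart rsyslog when the drop-in written above changes. This must name
      # the nginx file created by this config; the original pointed at
      # 21-apache-loggly.conf, which this config never writes, so edits to
      # the nginx rules were not picked up on deploy.
      files:
        - "/etc/rsyslog.d/21-nginx-loggly.conf"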

benyitzhaki Jul 26, 2015

hi thanks, where can i get 010_loggly.config ?
