Instantly share code, notes, and snippets.

Embed
What would you like to do?
Configure AWS Elastic Beanstalk syslog to poll nginx logs (in order to send them to loggly)
#
# configure rsyslogd to include logfiles from nginx/apache
# needs 010_loggly.config
# Save this file as .ebextensions/015_nginx-loggly.config
# replace TOKEN
# Deploy per normal scripts or aws.push. To help debug the push, ssh & tail /var/log/cfn-init.log
# See Also /var/log/eb-tools.log
#
files:
"/etc/rsyslog.d/21-nginx-loggly.conf" :
mode: "000644"
owner: root
group: root
content: |
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# nginx access file:
$InputFileName /var/log/nginx/access.log
$InputFileTag nginx-access:
$InputFileStateFile stat-nginx-access
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
#nginx Error file:
$InputFileName /var/log/nginx/error.log
$InputFileTag nginx-error:
$InputFileStateFile stat-nginx-error
$InputFileSeverity error
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
#Add a tag for nginx events
$template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"nginx\"] %msg%\n"
if $programname == 'nginx-access' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'nginx-access' then ~
if $programname == 'nginx-error' then @@logs-01.loggly.com:514;LogglyFormat
if $programname == 'nginx-error' then ~
commands:
010_create_rsyslog_folder:
command: su --session-command="mkdir -p /var/spool/rsyslog"
ignoreErrors: true
services:
sysvinit:
rsyslog:
ensureRunning: true
files: "/etc/rsyslog.d/21-apache-loggly.conf"
@benyitzhaki

This comment has been minimized.

Show comment
Hide comment
@benyitzhaki

benyitzhaki Jul 26, 2015

hi thanks, where can i get 010_loggly.config ?

benyitzhaki commented Jul 26, 2015

hi thanks, where can i get 010_loggly.config ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment