How to Monitor Server Logs in Real-Time with Log.io Tool on RHEL 7 /CentOS 7
Index
1.Introduction
Log.io is a small simple but effective application build on top of Node.js and Socket.io, which allows to monitor Linux servers log files in real time through web interface screen widgets. This guide will help you to monitor server log with log.io on CentOS 7 / RHEL 7.
2.Operating System
This article is based on RHEL 7 / CentOS 7 .
3.Installation
3.1 Add Epel Repositories
Install Epel repositories by running the following command.
# yum install http://fedora.mirrors.telekom.ro/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
After you added Epel Repos, do a system upgrade by running the following command.
# yum update
Install Node.js and NPM Packages
Node.js is a Java-script server-side programming platform which allows you to create an applications with back-end functionality. NPM (Node Package Manager) is package manager for Node.js, So the next step is to install Node.js and NPM binaries on your system through the following command.
# yum install npm nodejs
3.3 Install and Configure Log.io Application
Log.io application must be installed on your system through NPM by specifying a valid system user, through which the installation must take place. So here we can install the application as root user. For installing run the below command.
# npm install -g log.io --user “root”
After installation has been completed change the working directory to Log.io folder, which is hidden under the “/root” directory.
[root@sapin-centos7 ~]# pwd /root [root@sapin-centos7 ~]# cd .log.io/ [root@sapin-centos7 .log.io]# ll total 12 -rw-r--r-- 1 root root 225 Jan 18 17:21 harvester.conf -rw-r--r-- 1 root root 56 Jan 18 16:24 log_server.conf -rw-r--r-- 1 root root 516 Jan 18 17:22 web_server.conf [root@sapin-centos7 .log.io]#
Now it’s time to configure Log.io to monitor local log files in real time.
There are mainly three configuration files and are listed below.
> harvester.conf > log_server.conf > web_server.conf
harvester.conf
This the configuration file for harvester, it is nothing but a log forwarder which keeps on watching log files for changes, send new log to the server. We can configure nodeName, what are all logs to watched and where to send a log. By default it only monitors Apache log files such us “access_logs and error_logs”, Here we have to replace the nodeName statement to match your hostname and also you have to add the logStreams statements with what internal log files that you want to monitor.
exports.config = { nodeName: "sapin-centos7.syslint.com", logStreams: { apache: [ "/var/log/httpd/access_log", "/var/log/httpd/error_log" ] }, server: { host: '0.0.0.0', port: 28777 } }
Also if you don’t need harvester output to be sent to a remote Log.io server change the line host on server statement to only send its output locally by modifying 0.0.0.0 address with loopback address (127.0.0.1).
log_server.conf
For security reasons, if you are not expecting remote harvesters output to your local Log.io server, Open log_server.conf file and replace 0.0.0.0 address with loopback address (127.0.0.1).
exports.config = { host: '127.0.0.1', port: 28777 }
web_server.conf
This the configuration file of web interface, this alters the functionality of the web portal. By-default, web portal is accessible on port no 28778 and on all interface. This file offers a way to increase the security by putting HTTP authentication,securing the web interface with SSL, disallowing logs from specific ip address and restricting the web interface access to the specific ip.
exports.config = { host: '0.0.0.0', port: 28778, /* // Enable HTTP Basic Authentication auth: { user: "admin", pass: "adminlogin" }, */ /* // Enable HTTPS/SSL ssl: { key: '/path/to/privatekey.pem', cert: '/path/to/certificate.pem' }, */ /* // Restrict access to websocket (socket.io) // Uses socket.io 'origins' syntax restrictSocket: '*:*', */ /* // Restrict access to http server (express) restrictHTTP: [ "192.168.29.39", "10.0.*" ] */ }
3.4 Add Firewall Rule and Start Log.io Application
For web access to Log.io server add a rule on RHEL/CentOS 7 Firewall to open TCP 28778 port by issuing the following command.
firewall-cmd --add-port=28778/tcp --permanent firewall-cmd --reload
3.5 Start Log.io Application
For start Log.io log monitoring application assure that your current working directory is “/root” and use the following commands in the following order to start application.
> First start server, put it in background and press Enter key
log.io-server &
> Start log harvester in background
log.io-harvester &
[root@sapin-centos7 .log.io]# log.io-server & [1] 16427 [root@sapin-centos7 .log.io]# info - socket.io started [root@sapin-centos7 .log.io]# log.io-harvester & [2] 16431 [root@sapin-centos7 .log.io]#
4. Access Web Interface
Then open your web browser and visit http://your-ip-address:28778. You will get the following page with logs.
5. Conclusion
We have successfully installed and configured a real-time log monitoring tool “Log.io” on CentOS 7 / RHEL 7. Log.io is an excellent and effective web application to monitor local or remote servers log files is real time and get an outlook on what is going internally in the systems and especially to debug server problems when systems tend to become unresponsive or crashes, without the need to use a console.
6.Reference
http://logio.org/
Hi,
Sometimes we received below error in the log.io server logs file.
error: Lost TCP connection…
error: Lost TCP connection…
error: Lost TCP connection…
Possible cause are 1. log.io agent is down on agent server 2. log file is rotated, due to this agent is not able to read the log file.
So my question is if we have multiple agent then how we know as per the server log file which instance is down ? Is there any setting in the configuration file to prefix hostname in log file.
Thanks for the article, it’s very useful, great post!