Recently, here on the Conetix blog, we began looking at configuring Plesk 12 to integrate with different logging options, ones outside of the standard setup, ones which can make it easier to stay abreast of what’s happening in your servers.
I’m keen to give you a range of options so that when things go wrong, as they invariably do, you can quickly ascertain what happened, and mitigate the issue.
We started off with the cloud-based service Loggly, one which I use and highly recommend. But whilst good, Loggly’s not the only option available. There are others, one of which I’m going to show you today. It’s called logentries.
What Is logentries
Logentries, like Loggly, is a cloud-based Logging service, one which you only need to configure your existing servers to send their logs to, then periodically, or as needed, use the UI to search through the recorded data for the information you need.
It provides a range of features to let you do this quickly and intelligently, including:
- Real-time monitoring
- Real-time alerting
- Notifications to a range of existing services, such as PagerDuty, HipChat, and New Relic
Getting started is a lot like Loggly, though requires a number of steps to be performed, whereas Loggly provides a one-step configuration script. With logentries, you have to add a host, which will contain a log configuration, to which logs will be sent.
But before we begin, if you don’t already have an account, first sign up for one. Then, after you’ve done that, login, and in the right hand column, click + Add New to start the process off, which you can see in the screenshot below.
Next, you’ll be presented with the initial configuration screen. As I’m assuming that your Plesk server’s running on Linux, click the Linux option in the first row under “Operating Systems”.
Then, in the next screen, under “What Type Of Log Do You Want To Configure?”, click Syslog. You’ll then be taken to the third screen, which allows you to specify the Syslog daemon you have running.
For the sakes of simplicity, I’ve chosen Rsyslog, which is the current default on Centos/RedHat and Debian/Ubuntu installations. But if you have Syslogd or Syslog-ng, then choose those instead. Next, you have to do two things; firstly, you have to click “Click here to add your new log to an existing host.”.
This will then present you with a list of hosts, of which there should only be one. Click that, then click the large grey button at the bottom, labelled “Configure my Syslog”. This will give you the settings you need to configure Syslog to start sending it’s log information to your logentries account.
The configuration does say “Place the following at the bottom of your rsyslog config file at /etc/rsyslog.conf”. But I suggest instead ignoring this and creating a new file under /etc/rsyslog.d, called logentries.conf, and instead adding the configuration there.
This way it’s easier to find and to manage. Once done, you then need to restart Rsyslog, which you can do by running sudo service rsyslog restart. That’s the configuration take care of. Now it’s time to get some logs in to your account.
If your Plesk server has a number of services and daemons already running, then you can likely just wait a minute or two. However, if you’d like to rush, then you can run the following command, which will add an entry for you:
bash logger -t test Hello there logentries it's Plesk 12 calling
Searching For Data
Now that data’s being sent to logentries, it’s time to get familiar with the UI so you know how to find what you’re after. As I mentioned at the start of the article, the UIs of Loggly and logentries are reasonably similar.
So this should be quite familiar if you’ve read the previous article. If not, you should find your way around well enough. From your dashboard, you’ll see the host you added on the left hand side.
Clicking it, you’ll see in the right hand side, details for it, and at the bottom the log you created. Click the name of the log, and you’ll step down in to the log information display.
Starting from the top, you’ll have a search bar, and time period filter; you’ll then have an entries graph, and at the bottom, a textual list of the log entry data. There’s quite a bit to it, which, unfortunately I’m not able to cover insufficient depth in this post. But I encourage you to explore, as time permits.
You can see in the screenshot above, that a number of services, including kernel, rsyslogd, and postfix have been sending log data. Let’s say that we just want to filter down on kernel and rsyslogd. To do that, we’ll use the following search expression: kernel OR rsyslogd.
This will filter the results down to what you see in the screenshot below. Unlike Loggly, the search results aren’t highlighted in this case. However, if we just used one search term, such as kernel, then they would be.
Another way to search would be to instead click on a term that you’re interested in. Logentries does a good job of highlighting key terms. So have a look over the results you have and see what options are available to filter on.
If you’d like more information on the search options available, be sure to check out the search documentation. It’s quite thorough and definitely helpful. You can search using aggregate expressions, free text, keyword expressions, logical expressions, regular expressions, and more.
And that’s how to configure your Plesk server to send it’s syslog data to the cloud-based logging service, logentries. Whilst there is a bit of manual work required to get your account setup, and the configuration ready to go, both in your account and on your server, the process is quite straight-forward.
However whilst the process is, on the whole, quite logical, it could do with an automation script to streamline the process. That said, I hope you see that there’s yet another option for sending, storing, and searching your server’s log data, one which makes it easy to stay on top of what’s happening and to respond as needed.