One of the things I used to do when I hosted billimek.com on my own box was keep a window open tailing the apache log file. On my own server I could control how apache logged things. When hosting on my own box I have the freedom to configure it however I want. Apache has the ability to log with hostname lookup enabled at the time of logging. This is nice because when glancing at the logs, I want to see if a hit is from fbi.gov instead of something like 61.121.58.90.
1&1 has Apache configured such that it doesn’t log with hostname lookup. I found a way around this by piping the logs through a program designed specifically to address this (called ‘logresolve’). They probably don’t do DNS lookups for performance reasons. If it’s a high-traffic site you don’t want apache spending all of its time doing DNS lookups.
Fortunately 1&1 gives you direct read access to the access_log file from apache with all traffic to your site. Unfortunately, they have it on a daily rotation, so at midnight (EST), the log file is closed and rolled off and gzipped.
Originally I planned on just having a window sshed into my account on 1&1’s server. In that window, I would do a simple:
[code]tail -f `ls access.log* | tail -1` | jdresolve | colorize[/code]
To break it down, this would run a tail -f on the ‘last’ access_log file (since there are older, rolled-off, logs), then pipe it to jdresolve to replace the IP’s with vanity domain names, and then pipe it through colorizer to give the output in color.
All of this would run on the 1&1 server. After a while I realized that this wasn’t the best solution because the process would get killed after about four hours. I think they have something running to keep long-running processes from going on too long - I’m not sure.
I had also tried doing something with catting the access_log file to a named pipe and then working off of that, but that didn’t work too well either because jdresolve refused to even begin parsing until after the input file was closed, and the named pipe never closes. What a mess.
So I came up with another solution. From my local linux box, I will ssh into the 1&1 box and run a remote command (’tail -f `ls access.log* | tail -1`’). I then pipe that output (locally) to logresolve and then pipe that output to colorize. So in essence, the only thing I’m doing remotely is a tail command. I’m doing all of the ‘heavy lifting’ (logresolve and colorize) locally. It works out fairly well.
One snag is that if I control-c out of the ssh remote command, it leaves the remote processes running in a zombie state that I have to manually kill. One way around this is to force pseudo-terminal allocation (with the -t switch for ssh), but that doesn’t work either because then my remote tail command gets killed after a while.
I didn’t have any meetings today at work which was a nice change. Things were a bit slow since it was the first day back from our holiday.
When I left work I went to the shopping center at the corner of Delk and Powers Ferry road and got a haircut. After the haircut, I went shopping.
0 Responses to “logging”
Leave a Reply