Skip to main content

Circonus Logwatch

Circonus Logwatch is a small utility for extracting metrics from log files and forwarding to Circonus.

Install

  1. mkdir -p /opt/circonus/{sbin,etc,etc/log.d}
  2. Download latest release from repository (or build manually)
  3. Extract archive into /opt/circonus
  4. Create config in /opt/circonus/etc and log configs in /opt/circonus/etc/log.d

Options

$ /opt/circonus/sbin/circonus-logwatchd -h
Flags:
--api-app string [ENV: CLW_API_APP] Circonus API Token app (default "circonus-logwatch")
--api-ca-file string [ENV: CLW_API_CA_FILE] Circonus API CA certificate file (optional, Inside API server not using public certs)
--api-key string [ENV: CLW_API_KEY] Circonus API Token key or 'cosi' to use COSI config
--api-url string [ENV: CLW_API_URL] Circonus API URL (default "https://api.circonus.com/v2/")
-c, --config string config file (default is /opt/circonus/etc/circonus-logwatch.(json|toml|yaml)
-d, --debug [ENV: CLW_DEBUG] Enable debug messages
--debug-cgm [ENV: CLW_DEBUG_CGM] Enable CGM & API debug messages
--debug-metric [ENV: CLW_DEBUG_METRIC] Enable metric rule evaluation tracing debug messages
--debug-tail [ENV: CLW_DEBUG_TAIL] Enable log tailing messages
--dest string [ENV: CLW_DESTINATION] Destination[agent|check|log|statsd] type for metrics (default "log")
--dest-agent-interval string [ENV: CLW_DEST_AGENT_INTERVAL] Destination[agent] Interval for metric submission to agent (default "60s")
--dest-cid string [ENV: CLW_DEST_CID] Destination[check] Check ID (not check bundle)
--dest-id string [ENV: CLW_DEST_ID] Destination[statsd|agent] metric group ID (default "circonus-logwatch")
--dest-instance-id string [ENV: CLW_DEST_INSTANCE_ID] Destination[check] Check Instance ID
--dest-port string [ENV: CLW_DEST_PORT] Destination[agent|statsd] port (agent=2609, statsd=8125)
--dest-statsd-prefix string [ENV: CLW_DEST_STATSD_PREFIX] Destination[statsd] Prefix prepended to every metric sent to StatsD (default "host.")
--dest-tag string [ENV: CLW_DEST_TAG] Destination[check] Check search tag
--dest-target string [ENV: CLW_DEST_TARGET] Destination[check] Check target (default hostname)
--dest-url string [ENV: CLW_DEST_URL] Destination[check] Check Submission URL
-h, --help help for circonus-logwatch
-l, --log-conf-dir string [ENV: CLW_PLUGIN_DIR] Log configuration directory (default "/opt/circonus/etc/log.d")
--log-level string [ENV: CLW_LOG_LEVEL] Log level [(panic|fatal|error|warn|info|debug|disabled)] (default "info")
--log-pretty [ENV: CLW_LOG_PRETTY] Output formatted/colored log lines
--show-config Show config (json|toml|yaml) and exit
--stat-port string [ENV: CLW_STAT_PORT] Exposes app stats while running (default "33284")
-V, --version Show version and exit

Destinations

  • --dest check metrics are sent directly to the circonus broker (will create a check if --dest-cid not provided). --dest-instance-id, --dest-target, and --dest-tag can be used to customize the check created.
  • --dest agent metrics are sent to /write endpoint of local circonus-agent (http://localhost:2609/write/id) uses --dest-id to categorize the metrics. --dest-port controls the agent port (default 2609)
  • --dest statsd metrics sent to statsd listener of local circonus-agent (localhost:8125) uses --statsd-prefix for each metric name, followed by --dest-id (--dest-statsd-prefix should match circonus-agent --statsd-host-prefix to ensure metrics are routed to correct destination by the agent). --dest-port controls the agent statsd port (default 8125)

Config

Create a JSON, YAML, or TOML config in /opt/circonus/etc/circonus-logwatch.(json|yaml|toml). Or, use environment variables and/or command line parameters.

YAML with a StatsD destination (send metrics to local circonus-agent statsd listener):

---
app_stat_port: "33284"
debug: false
debug_cgm: false
debug_metric: false
debug_tail: false
log_conf_dir: /opt/circonus/etc/log.d
api:
key: circonus api token key
app: circonus-logwatch
url: 'https://api.circonus.com/v2/'
ca_file: path to api ca file, if needed
destination:
type: statsd
config:
id: circonus-logwatch
port: "8125"
statsd_prefix: "host."

JSON with a Check destination (send metrics directly to a Circonus check, a check will be created if not supplied via cid or url config settings):

NOTE: use cid or url to identify an existing check. Or, to search for a check a combination of target, search_tag and/or instance_id.

{
"api": {
"app": "circonus-logwatch",
"ca_file": "path to api ca file, if needed",
"key": "circonus api token key",
"url": "https://api.circonus.com/v2/"
},
"app_stat_port": "33284",
"debug": false,
"debug_cgm": false,
"debug_metric": false,
"debug_tail": false,
"destination": {
"type": "check",
"config": {
"cid": "check id (of existing check)",
"url": "submission url of existing check",
"target": "to find|create a check",
"search_tag": "to find|create a check",
"instance_id": "to find|create a check"
}
},
"log": {
"level": "info",
"pretty": false
},
"log_conf_dir": "/opt/circonus/etc/log.d"
}

TOML with an Agent destination (send metrics to local circonus-agent):

app_stat_port = "33284"
debug = false
debug_cgm = false
debug_metric = false
debug_tail = false
log_conf_dir = "/opt/circonus/etc/log.d"

[api]
key = "circonus api token key"
app = "circonus-logwatch"
url = "https://api.circonus.com/v2/"
ca_file = "path to api ca file, if needed"

[destination]
type = "agent"

[destination.config]
id = "circonus-logwatch"
port = "2609"

[log]
level = "info"
pretty = false

Log Configs

Create one config (JSON, YAML, or TOML) in --log-conf-dir for each distinct log. See examples in the repository.

  1. id of the log, short identifier - optional, the base file name will be used if omitted
  2. log_file path to the log
  3. metrics a list of:
    1. match regular expression to identify lines and optionally extract named subexpressions for value and metric name
    2. name a static string to use as the metric name or a template for naming the metric if named subexpressions were used in match regex
    3. type what type of metric (all numbers are 64bit)
      • c counter int
      • g gauge int or float
      • ms timing (treated as histogram) value can be a float (3.12) or duration (25ms, 3.2s, 1m10s, etc.) durations are converted to milliseconds, floats are assumed to already represent milliseconds
      • h histogram float
      • s set (ala statsd set metrics) unique string to count
      • t text string

NOTE:

  • any metric which does not have a type will be treated as a counter.
  • any metric which does not have a subexpression named 'Value' (case insensitive) will be treated as a counter.
  • named subexpressions can be used in the name template with the following syntax {{.id}} where id is the name given to a named subexpression in the match regex
  • metric names will be prefixed with the log id

Manual Build

  1. Clone repo (outside of GOPATH) git clone https://github.com/circonus-labs/circonus-logwatch && cd circonus-logwatch
  2. Build go build -o circonus-logwatchd
  3. Ensure target directories exist mkdir -p /opt/circonus/logwatch/{sbin,etc,etc/log.d}
  4. Install cp circonus-logwatchd /opt/circonus/logwatch/sbin