Repository
Munin (contrib)
Last change
2018-08-02
Keywords
Language
Perl

apache_logparser

Readme

This is a logfile watcher for apache, it monitors a log dir for access logs and saves some stats to shared memory. Munin can then fetch and reset the stats periodically.

Just start it once, it runs as a daemon and polls logs every n sec keeping track of changes to the logs. Filelist is read on startup and on defined scan_intervals. File position is recorded and logs are checked for truncate/delete (for performance reasons).

Requires perl modules File::Tail::Multi Storable IPC::ShareLite Munin::Plugin (optional Data::Dumper)

You can use it in parallel to the pipelogger if that suits you better, the stats are merged in shared mem. Both ways should show decent performance, the pipelogger works in RAM only, but writes no logs.

Installation

Install to /usr/share/munin and run it as root

configure the variables below:

$dir path to your logfiles $files file-glob to find access logs $site regexp to find sitename from logfile name $statefile file to save last log position for tail $nsec tail and write to shared mem every n seconds $debug dump tallied data every n seconds, print every log line parsed $scan_interval rescan for new log files every n minutes

#!/usr/bin/perl

=head1 README

This is a logfile watcher for apache, it monitors a log dir for access logs and saves some stats to shared memory.
Munin can then fetch and reset the stats periodically.

Just start it once, it runs as a daemon and polls logs every n sec keeping track of changes to the logs.
Filelist is read on startup and on defined scan_intervals. File position is recorded and logs are checked for truncate/delete (for performance reasons).

Requires perl modules File::Tail::Multi Storable IPC::ShareLite Munin::Plugin (optional Data::Dumper)

You can use it in parallel to the pipelogger if that suits you better, the stats are merged in shared mem.
Both ways should show decent performance, the pipelogger works in RAM only, but writes no logs.


=head1 INSTALLATION

Install to /usr/share/munin and run it as root

configure the variables below:

$dir		path to your logfiles
$files		file-glob to find access logs
$site		regexp to find sitename from logfile name
$statefile	file to save last log position for tail
$nsec		tail and write to shared mem every n seconds
$debug		dump tallied data every n seconds, print every log line parsed
$scan_interval	rescan for new log files every n minutes
=cut

# config
my $dir = "/logs/apache_logs";
my $files = "*access_log";
my $site = "(.*)-access_log";
my $statefile = "/tmp/logstate";
`touch $statefile` unless (-f $statefile);
local $nsec=7;
local $debug=0;

my $scan_interval=5; # minutes

# perl modules
# "File:Tail:Multi" disappeared from CPAN (somewhen in 2016) - thus it needs
# to be imported carefully (for travis checks).
eval 'use File::Tail::Multi; 1;' or die 'Please install File::Tail::Multi';
use Storable qw(freeze thaw);
use List::Util qw(min max);
use IPC::ShareLite ':lock';
require Data::Dumper if $debug;
use Munin::Plugin;

# shared mem
local $share = IPC::ShareLite->new(
	-key     => 'mapl',
	-create  => 1,
	-destroy => 1,
	-exclusive => 0,
	-mode => '0666'
) or die $!;

# drop stored data on reload
$share->store( freeze {} );

# tail log files
my $tail=File::Tail::Multi->new (
  Files=>["$dir/$files"],
  ScanForFiles=>$scan_interval,
  Debug=>0,
  LastRun_File => $statefile,
  RemoveDuplicate=>0,
  NumLines=>0,
  OutputPrefix=>"f"
);

# read to current position
$tail->read;

# register counting function
$tail->Function(\&count);

local $temp;
my ($file,$ip,$logname,$user,$rtime,$method,$request,$protocol,$status,$bytes,$referer,$useragent,$time);
sub count {
        foreach $_ (@{shift()})  {
        if ((()=/"/g)==2) {
          # common with filename prefix, optionally add time and vhost at the end
          ($file,$ip,$logname,$user,$rtime,$method,$request,$protocol,$status,$bytes,$time,$vhost)=/^(.*?)\s:\s(.*?)\s(.*?)\s(.*?)\s\[(.*?)\]\s"(.*)\s(.*?)\s(.*?)"\s(\d*)\s(\S*)\s?(\S*)\s?(\S*?)$/o;
        }
        elsif ((()=/"/g)==6) {
          # combined with filename prefix, optionally add time and vhost at the end
          ($file,$ip,$logname,$user,$rtime,$method,$request,$protocol,$status,$bytes,$referer,$useragent,$time,$vhost)=/^(.*?)\s:\s(.*?)\s(.*?)\s(.*?)\s\[(.*?)\]\s"(.*)\s(.*?)\s(.*?)"\s(\d*?)\s(.*?)\s"(.*?)"\s"(.*?)"\s?(\S*)\s?(\S*)$/o;
        };

	#find sitename
	$file=~s/$site/$1/;
	$file=$vhost if $vhost;

	# skip broken lines
	next unless $file;

	# sitename to munin fieldname
	my $vpm=clean_fieldname("$file");
	$temp{$vpm}{'label'}="$file";
	$temp{$vpm}{'label'}=~s/www\.//;

	# count all requests
	$temp{$vpm}{'requests'}++;

	if ($bytes) {
	 $bytes=~s/-/0/;
 	 # bytes transmitted
	 $temp{$vpm}{'bytes'}+=$bytes;

	 # max bytes
	 $temp{$vpm}{'max_bytes'}=max($temp{$vpm}{'max_bytes'},$bytes) || 0;

         # average bytes
         $temp{$vpm}{'avg_bytes'}=$temp{$vpm}{'bytes'}/$temp{$vpm}{'requests'} || 0;
	}

	# count by status / error code
	$temp{$vpm}{"status"}{$status}++ if $status;

	if ($time) {
	  # microsec to millisec
	  $time=sprintf("%d",$time/1000);

  	  # min/max execution time
  	  $temp{$vpm}{'max_time'}=max($temp{$vpm}{'max_time'},$time) || 0;

  	  # cumulative execution time
  	  $temp{$vpm}{'time'}+=$time;

          # average time
          $temp{$vpm}{'avg_time'}=$temp{$vpm}{'time'}/$temp{$vpm}{'requests'} || 0;
        }

        };
};


while (1) {
        # tail files, calls &count with linearray
        $tail->read;

        # begin transaction
        $share->lock(LOCK_EX);

        # get data (may be updated by other loggers too)
        my %old=eval{%{thaw($share->fetch)}};              # using eval to suppress thaw error on empty string at the first run

        foreach my $vpm (keys %temp){
                # merge values
                $old{$vpm}{'label'}=$temp{$vpm}{'label'};
                $old{$vpm}{'bytes'}+=$temp{$vpm}{'bytes'} if $temp{$vpm}{'bytes'};
                $old{$vpm}{'requests'}+=$temp{$vpm}{'requests'} if $temp{$vpm}{'requests'};
                $old{$vpm}{'time'}+=$temp{$vpm}{'time'} if $temp{$vpm}{'time'};
                # avoid div by zero
                my $div=($old{$vpm}{'requests'} <1)?1:$old{$vpm}{'requests'};
                # recalc average on merged data for multiple datasources, use local average after purge/restart
                $old{$vpm}{'avg_time'}=($old{$vpm}{'avg_time'}>0)?sprintf("%d",($old{$vpm}{'time'}+$temp{$vpm}{'time'})/$div):sprintf("%d",$temp{$vpm}{'avg_time'});
                $old{$vpm}{'avg_bytes'}=($old{$vpm}{'avg_bytes'}>0)?sprintf("%d",($old{$vpm}{'bytes'}+$temp{$vpm}{'bytes'})/$div):sprintf("%d",$temp{$vpm}{'avg_bytes'});
                $old{$vpm}{'max_time'}=max($old{$vpm}{'max_time'},$temp{$vpm}{'max_time'}) || 0;
                $old{$vpm}{'max_bytes'}=max($old{$vpm}{'max_bytes'},$temp{$vpm}{'max_bytes'}) || 0;

                # reset local counters
                foreach my $check (qw(requests bytes time max_bytes avg_bytes max_time avg_time)) {
                        $temp{$vpm}{$check}=0;
                }

                # reset status counts
                foreach my $val (keys %{$temp{$vpm}{'status'}}) {
                        $old{$vpm}{'status'}{$val}+=$temp{$vpm}{'status'}{$val};
                        $temp{$vpm}{'status'}{$val}=0;
                }

        };

        # save to shm
        print Data::Dumper::Dumper(%old) if $debug;
        $share->store( freeze \%old );
        # end transaction
        $share->unlock;

        # parse/write every n seconds (plus processing time)
        sleep $nsec;
}