LoggerFS: A LAMP Case Study and HowTo

Submitted by Vlad on Tue, 10/16/2007 - 18:23.

In this follow up to LoggerFS: A Revolutionary Approach to Logging, I will guide you through a complete installation of LoggerFS on a RedHat Enterprise Linux 5 LAMP server running stock RHEL5 software to store Apache combined log format logs, including the installation of FUSE and creation of the MySQL LoggerFS database.

Requirements

Obviously this guide is geared towards a RHEL5 system, but parts of it may be compatible with other systems, including RHEL4 and CentOS. While the installation of FUSE does not require one to reboot a system, you may find it necessary depending on the kernel version of your system.

Throughout this guide, I will assume you have the following:

A RedHat Enterprise Linux 5 Server or Workstation with an up-to-date kernel (at the time of this writing, 2.6.18-8.1.14.el5 is the latest kernel)
Root access to said system
The latest available PHP, MySQL, and Apache packages available to RHEL5 via the yum interface. Other versions will probably work, but for the sake of consistency I will emphasize the versions listed below and their dependencies:
1. http
2. mysql-server
3. php
and finally, I will assume that you've previously configured (or can configure on your own after installation) MySQL and Apache.

Before you begin...

Make sure you've installed the latest kernel:

[root@localhost ~] # yum -y install kernel
...
Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 kernel                  i686       2.6.18-8.1.14.el5  rhel-i386-server-5   12 M
Removing:
 kernel                  i686       2.6.18-8.el5     installed          34 M

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       1 Package(s)

Total download size: 12 M

And have installed the necessary packages for your LAMP server:

[root@localhost ~] # yum -y install httpd php mysql mysql-server php-mysql
...
Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 httpd                   i386       2.2.3-7.el5      rhel-i386-server-5  1.1 M
 mysql                   i386       5.0.22-2.1.0.1   rhel-i386-server-5  3.0 M
 mysql-server            i386       5.0.22-2.1.0.1   rhel-i386-server-5   10 M
 php                     i386       5.1.6-15.el5     rhel-i386-server-5  1.2 M
 php-mysql               i386       5.1.6-15.el5     rhel-i386-server-5   83 k
Installing for dependencies:
 apr                     i386       1.2.7-11         rhel-i386-server-5  123 k
 apr-util                i386       1.2.7-6          rhel-i386-server-5   76 k
 aspell                  i386       12:0.60.3-7.1    rhel-i386-server-5  940 k
 aspell-en               i386       50:6.0-2.1       rhel-i386-server-5  1.6 M
 gmp                     i386       4.1.4-10.el5     rhel-i386-server-5  665 k
 mailcap                 noarch     2.1.23-1.fc6     rhel-i386-server-5   15 k
 perl-DBI                i386       1.52-1.fc6       rhel-i386-server-5  605 k
 perl-DBD-MySQL          i386       3.0007-1.fc6     rhel-i386-server-5  147 k
 php-cli                 i386       5.1.6-15.el5     rhel-i386-server-5  2.2 M
 php-common              i386       5.1.6-15.el5     rhel-i386-server-5  140 k
 php-pdo                 i386       5.1.6-15.el5     rhel-i386-server-5   61 k
 postgresql-libs         i386       8.1.9-1.el5      rhel-i386-server-5  196 k

Transaction Summary
=============================================================================
Install     17 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 23 M

The following packages will be required to build LoggerFS:

[root@localhost ~] # yum -y install boost-devel make gcc-c++ pkgconfig libxml2-devel

Finally it might also be a good idea to get your system fully up-to-date if you haven't already done so:

[root@localhost ~] # yum -y update

Installing the FUSE Module

Before we can use LoggerFS, we need to get the FUSE module installed. Since LoggerFS is based on FUSE, you'll need to also install the FUSE libraries and FUSE development files, so that you can compile LoggerFS. Use the links below to download them from rpm.pbone.net

FUSE Kernel Modules [x86_64] [i386]
FUSE Development [x86_64] [i386]
FUSE Libraries [x86_64] [i386]

Check that the kernel module loads properly:

[root@localhost ~] # modprobe fuse && dmesg | tail
fuse: no version for "struct_module" found: kernel tainted.
fuse init (API version 7.8)
fuse distribution version: 2.7.0

Downloading and Installing LoggerFS

We now have all the pieces needed to compile and install LoggerFS, except of course for LoggerFS itself.

Download LoggerFS (the latest version as of this writing is 0.5) from the [url=http://sourceforge.net/project/platformdownload.php?group_id=200449]LoggerFS SourceForge Page[/h2].

Compilation and installation should be familiar to those with prior Linux experience. Be sure to include the proper flags for configure; you'll need to use --with-mysql for MySQL support, but if you wish you can also specific --with-postgresql for PostgreSQL support:

[root@localhost ~] # tar -xvzf loggerfs-0.5.tar.gz
loggerfs-0.5/
loggerfs-0.5/conf/
...
loggerfs-0.5/src/fusexx.hpp
[root@localhost ~] # cd loggerfs-0.5
[root@localhost loggerfs-0.5] # ./configure --with-mysql --prefix=/
...
config.status: creating config.h
config.status: executing depfiles commands
[root@localhost loggerfs-0.5] # make && make install

Once installation is completed (if it fails, make sure you've installed mysql, boost-devel, make, gcc-c++, and libxml2-devel!) you can begin configuring LoggerFS for your system!

Preparing Apache for LoggerFS

Out of the box, very little needs to be done to Apache for it to work with LoggerFS. The most important thing is to remember that in order for LoggerFS to process the apache logs, the logs have to be where we mount LoggerFS to. For the apache installation in RHEL5, this is the /var/log/httpd[i] directory. If you use vhosts, you'll want to be sure to make these logs inside of this directory, ie, in your vhost, you'd have something like [i]CustomLog "/var/log/httpd/MyServerName_access_log". You'd then set the <location> to MyServerName_access_log in the LoggerFS logs.xml file, as shown in the example below.

For your first installation, you may also wish to move the error_log (ie, set ErrorLog /tmp/error_log in httpd.conf) file to a temporary location, or else Apache will fail to start:

[root@localhost ~]# /etc/init.d/httpd start
Starting httpd: (5)Input/output error: httpd: could not open error log file /etc/httpd/logs/error_log.
Unable to open logs                           [FAILED]

Preparing MySQL for LoggerFS

Your database schema is reflected in the regular expression from the LoggerFS schemas.xml configuration file. This is probably the most difficult part, as it requires understanding of regular expressions, which most novices are unfamiliar with.

Since LoggerFS will automatically create the table and columns, we only need to instruct MySQL to create a database and user with permissions on that database. We'll name our database myApacheLogs and create a user to insert data into it named apachelogger and use s3cr3tp4zzw0rd as the password. The SQL statements below will do this for us:

DROP DATABASE IF EXISTS myApacheLogs;
CREATE DATABASE myApachelogs;
GRANT ALL ON myApacheLogs.* TO 'apachelogger'@'localhost' IDENTIFIED BY 's3cr3tp4zzw0rd';

Now start MySQL by running # /etc/init.d/mysqld start- it has to be running before you can use LoggerFS!

Configuring LoggerFS

As you may recall, there are only two configuration files for LoggerFS: logs.xml and schemas.xml. When using the --prefix=/ configure option, these logs are stored in /etc/loggerfs; otherwise they will be placed in /usr/local/etc/loggerfs. Throughout this tutorial I'll expect them to be installed in /etc/loggerfs.

Let's create these files from scratch for practice. Either delete or zero the existing configuration files:

# rm -f /etc/loggerfs/*
or
# echo "" > /etc/loggerfs/logs/xml; echo "" > /etc/loggerfs/schemas.xml

We'll start with logs.xml. RHEL5 stores Apache log files in /var/log/httpd and all Log paths in httpd.conf are relative to that path, so we'll set the log file location to simply access_log. Apache by default (at least in RHEL5) uses combined format, so we'll call our schema apache_combined. Since the apache server will need permission to write to these log files, we'll trust that the user apache and anyone in the apache group with write permissions by settings <permissions> to 0220. Obviously we're using MySQL for our LAMP server, so we'll say MySQL is listening on localhost and on the default port (3306). Finally, we set the database, username, and password to match what we created when setting up MySQL:

<logs>
     <log>
          <location>access_log</location>
          <uid>apache</uid>
          <gid>apache</gid>
          <permissions>0220</permissions>
          <schemas>apache_combined</schemas>
          <database-software>mysql</database-software>
          <database>myApacheLogs</database>
          <table>accessLogs</table>
          <server>localhost</server>
          <port>3306</port>
          <username>apachelogger</username>
          <password>s3cr3tp4zzw0rd</password>
     </log>
</logs>

Example 1: logs.xml for Apache Combined Format.

Onto schemas.xml. When creating this file, it's important to consider the data you're trying to log; for example, here's an apache line in Combined Format:

67.202.12.183 - - [07/Oct/2007:12:09:52 -0700] "GET / HTTP/1.0" 403 272 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

First, we identify what parts of the line are important to us; what do we want to log? Then we write our regular expression out and give each match a column name. For our LAMP server, the following will suffice as a regular expression:

(\S+) (\S+) (\S+) \[.+\] "(.+)"+ (\S+) (\S+) "(\S+)" "(.+)"$

Now we'll name each match of the regular expression. These names will become the column names of the accessLogs table (specified above in logs.xml).

dst_ip,logname,authname,request,http_status,bytes,referer,user_agent

We've already named this schema apache_combined in the logs.xml, so we have everything we need to create our schemas.xml file:

<schemas>
  <schema>
    <name>apache_combined</name>
    <regex>(\S+) (\S+) (\S+) \[.+\] "(.+)"+ (\S+) (\S+) "(\S+)" "(.+)"$</regex>
    <columns>dst_ip,logname,authname,request,http_status,bytes,referer,user_agent</columns>
  </schema>
</schemas>

Example 2: schemas.xml for Apache Combined Format.

Running and Testing LoggerFS

Now that we're done setting the config files, we can mount the LoggerFS partition, start apache, and test!

Be sure to delete any existing logs from /var/log/httpd or LoggerFS will complain. The command to mount a LoggerFS file system is not unlike that for other FUSE-based file systems:

[root@localhost loggerfs]# loggerfs /var/log/httpd
Loading //etc/loggerfs/logs.xml
[root@localhost loggerfs]# mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
...
fuse on /var/log/httpd type fuse (rw,nosuid,nodev)
[root@localhost ~]# ls -l /var/log/httpd/
--w--w---- 1 apache apache 0 Dec 31  1969 access_log
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd:                                    [  OK  ]

Now that apache is running, just generate some traffic on your server! You can view what kind of traffic you're experiencing with the following command:

# mysql -e 'select * from accessLogs limit 5' -u apachelogger -Ps3cr3tp4zzw0rd -p myApacheLogs

If you see a bunch of text spit out that looks vaguely like apache log data, you're done!

Bookmark/Search this post with:

sky

Submitted by anonymous bastard on Sun, 01/04/2009 - 01:35.

I am so happy to get some wow gold from my friends. They know I need World of Warcraft Gold, they give me. So I always can get some warcraft gold from my friends. I buy wow gold with my spare money. I can still earn some cheap wow gold.

hunny

Submitted by anonymous bastard on Wed, 12/24/2008 - 04:07.

I think they are funny in my life cheap Perfect World Gold
potbs gold

Post new comment

Subject:

Comment: *

Input format

Filtered HTML

Web page addresses and e-mail addresses turn into links automatically.
Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <br>
Lines and paragraphs break automatically.
Use  to create page breaks.
You may post code using <code language="LANGUAGE">...</code> tags.

BBCode

You can use BBCode help in the text, URLs will be automatically converted to links
Lines and paragraphs break automatically.
Use  to create page breaks.
You may post code using <code language="LANGUAGE">...</code> tags.
Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA

This question is for testing whether you are a human visitor and to prevent automated spam submissions.

What code is in the image?: *

Copy the characters (respecting upper/lower case) from the image.

The Open Source Journal

User login

Recent blog posts