On Tue, Aug 26, 2014 at 10:34 AM, Mike Reed <mjohn.r...@gmail.com> wrote:
> I suppose I have two questions:
>
> 1. Is there a simple way to push messages to a file other than
> /var/log/syslog on an Ubuntu machine?
>

I think the rsyslog Ramin mentioned is a good way to filter.

> 2. Is there a preferred way in the community by which people aggregate
> logs to make troubleshooting nodes issues easier to manage?
>

I use syslog forwarding to a central log collector and then use rsyslog collector to separate the Puppet events to their own file. I feed the files into Splunk.

I also have a Puppet report-processor that logs via syslog with the data in a key=value format, which is automatically extracted by Splunk but might be useful for other log event management systems:

https://forge.puppetlabs.com/wcooley/cimlog_report

This only handles data from the agent (but it is logged by the master); the master can still have errors and data outside of the agents' reports that's useful. For example, the catalog compile time is logged by the master and some failures only show up on the master; analysing the Apache (or whatever HTTP/Rack server you use) is also useful for analysing what is being most frequently requested.

I have a Splunk app I've written (but never quite finished enough to push to Splunk-base):

https://github.com/wcooley/splunk-puppet

Much of this can be done with PuppetDB, and Erik Dalen's demo Puppet Explorer looks like it handles much of the visualization too.

Wil
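
The forward-then-separate setup described in the reply above, sketched as an rsyslog configuration. This is an added example, not part of the original message; the collector hostname, the file names and the log path are placeholders, and it assumes Puppet's syslog program name begins with `puppet`.

```conf
# --- On each Puppet node: /etc/rsyslog.d/30-puppet.conf ---
# On Ubuntu the file name must sort before 50-default.conf so these
# rules are evaluated before the default rule that writes /var/log/syslog.

# Forward Puppet messages to the central collector.
# "@@" means TCP, a single "@" means UDP. Hostname is a placeholder.
:programname, startswith, "puppet" @@loghost.example.com:514

# Keep a local copy in its own file. The path is an assumption; the
# directory must be writable by the user rsyslog runs as.
:programname, startswith, "puppet" /var/log/puppet/puppet.log

# Stop processing so the message does not also reach /var/log/syslog.
# "stop" needs rsyslog 7 or later; older releases use "& ~" instead.
& stop

# --- On the collector: /etc/rsyslog.d/30-puppet.conf ---
# Accept syslog over TCP (skip these two lines if rsyslog.conf already
# enables the imtcp listener).
module(load="imtcp")
input(type="imtcp" port="514")

# Separate Puppet events from every forwarding host into one file,
# which a log indexer can then be pointed at.
:programname, startswith, "puppet" /var/log/puppet/puppet.log
& stop
```

Plain TCP syslog is neither encrypted nor authenticated, so the collector's listening port should be reachable only from the managed nodes.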