utexas/utexas_pantheon_logs_http

Client for the UTexas Pantheon Logs HTTP API.


Type: drupal-custom-module

2.0.0 2023-04-07 19:49 UTC

This package is auto-updated.

Last update: 2024-04-28 22:27:00 UTC


README

Provides JSON event pushing to Splunk Logs via the tag/http endpoint.

This module is based on the Logs HTTP contrib module, which was designed as a generalized solution for pushing Watchdog logs to an HTTP endpoint such as Logstash, or paid services such as Loggly.

This custom fork adds needed functionality to allow Watchdog logs on a Pantheon-hosted site to be pushed to the UT Austin Splunk instance via a Splunk HTTP Event Collector (HEC).

The HTTP connection code has been modified to meet the requirements of Pantheon's Secure Integration platform feature, which allows the messages to be sent over an existing secure tunnel between Pantheon and the UT Austin network.

This module also allows the use of a secure token which is required for connection to the Splunk HEC. See (Splunk) HTTP Event Collector (HEC) for more information about HEC configuration.

The provided configuration consists of the variables that make the connection between Pantheon logs and Splunk. The variables are:

  • Endpoint: The Splunk URL which is "pinged" with the event POST request
  • Secure integration constant name: A Pantheon specific constant which holds a port that is required to build the URL (along with the endpoint) to connect into Splunk
  • Watchdog Severity: The watchdog severity level value, which is set to log anything between Info and Error (anything but debug messages)

One last variable is needed but is not provided by default: the Splunk HTTP Event Collector Token.

Requirements

  • Drupal 9
  • Existing Pantheon Secure Integration configuration, configured with the IP address and port number of the UT Austin Splunk instance
  • Existing Splunk HTTP Event Collector, configured with an allow-list of Pantheon IP addresses provided by the Secure Integration configuration

How to use

After enabling the module, default config will be set at admin/config/services/logs-http-client.

The Splunk HTTP Event Collector Token, which can be found in Stache as Splunk HEC Token PantheonAppLogs, will need to be uploaded via SFTP (if not provisioned by Jenkins). The new file must be named splunk_settings.json, must be uploaded into /files/private/splunk, and must have the following format:

{
	"splunk_settings":{
		"splunk_hec_token":"[the-token-value]"
	}
}

Once this is set, any subsequent watchdog logging will send logs to Splunk. To verify that the site is logging data correctly, go to admin/config/services/logs-http-client and look for a message at the top stating whether the Splunk Auth token was found or not found. Alternatively, access this Splunk link and replace the request_uri parameter with https://yourpantheonsite.pantheonsite.io/*. If you get a hit while searching results, the module has been configured correctly.

Debugging

Using the Logger class to print notices on your watchdog logs is the best way to debug this module's content.
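
The token file described under "How to use" can be loaded and checked as shown below, with the token masked before it reaches a debug notice. This is an added example, not code from the module: the function names are hypothetical, the token is a constructed value, and the `Authorization: Splunk <token>` header is the general Splunk HEC authentication scheme, assumed here rather than taken from the module's source.

```php
<?php
// Added example: not the module's code. All function names are hypothetical.

/** Loads the HEC token from a file in the splunk_settings.json format above. */
function example_load_hec_token(string $path): string {
  if (!is_file($path) || !is_readable($path)) {
    throw new RuntimeException("Token file missing or unreadable: $path");
  }
  try {
    $data = json_decode(file_get_contents($path), TRUE, 8, JSON_THROW_ON_ERROR);
  }
  catch (JsonException $e) {
    // Do not echo file contents: a malformed file may still contain the token.
    throw new RuntimeException('Token file is not valid JSON.');
  }
  $token = $data['splunk_settings']['splunk_hec_token'] ?? NULL;
  if (!is_string($token) || trim($token) === '' || $token === '[the-token-value]') {
    throw new RuntimeException('splunk_hec_token is absent, empty or still the placeholder.');
  }
  return trim($token);
}

/** Masks the token so only its last four characters appear in a log notice. */
function example_redact_token(string $token): string {
  return strlen($token) <= 8 ? '********' : '****' . substr($token, -4);
}

/** Builds HEC request headers and body for one watchdog-style event. */
function example_build_hec_request(string $token, array $event): array {
  return [
    'headers' => [
      'Authorization' => 'Splunk ' . $token, // Assumed: standard HEC token scheme.
      'Content-Type' => 'application/json',
    ],
    'body' => json_encode(['event' => $event], JSON_THROW_ON_ERROR),
  ];
}

// Constructed sample: a throwaway file with a made-up token, not a real secret.
$path = tempnam(sys_get_temp_dir(), 'splunk_settings');
file_put_contents($path, json_encode([
  'splunk_settings' => ['splunk_hec_token' => '00000000-1111-2222-3333-444444444444'],
]));
$token = example_load_hec_token($path);
$request = example_build_hec_request($token, ['severity' => 'error', 'message' => 'Constructed test event']);
printf("token=%s\nbody=%s\n", example_redact_token($token), $request['body']);
unlink($path);
```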