sentlog
is a command-line tool that can read arbitrary text files (e.g., webserver or database logs), search for specific user-defined patterns, and report the findings to Sentry.
Sentry provides SDKs for a lot of different platforms and frameworks. However, you might also want to use Sentry for parts of your infrastructure that were not developed by you, or don't have an integration with Sentry (yet): databases, web servers, and even operating system kernels. What do these tools have in common? They normally have some sort of output (i.e. logs), where both regular events and errors are usually logged. So why not parsing those logs and look for entries that look like errors? We can do that. And what platform do we usually use for error management? Sentry, of course!
And this is when sentlog
steps in.
sentlog
binaries can be downloaded from GitHub releases.
usage: sentlog [<flags>] [<file>]
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
-p, --pattern=PATTERN Pattern to look for
--dry-run Dry-run mode
--no-follow Do not wait for the new data
--from-line=-1 Start reading from this line number
-c, --config=CONFIG Path to the configuration
-v, --verbose Print every match
Args:
[<file>] File to parse
sentlog
can operate in two modes:
- Basic: filename and pattern are specified on the command line
- Advanced: using the configuration file provided by
--config
argument
The following example shows how you can run sentlog
in Basic mode.
export SENTLOG_SENTRY_DSN="https://[email protected]/YYY" # Your Sentry DSN
sentlog /var/log/postgresql/postgresql-9.6.log \
-p '^%{DATESTAMP:timestamp}.*FATAL:.*host "%{IP:host}", user "%{USERNAME:user}", database "%{WORD:database}"'
...will watch the PostgreSQL log (/var/log/postgresql/postgresql-9.6.log
) for events that look like this:
2019-05-21 08:51:09 GMT [11212]: FATAL: no pg_hba.conf entry for host "123.123.123.123", user "postgres", database "testdb"
sentlog
will extract the timestamp, IP address, username, and database from the entry, and will add them as tags to the Sentry event.
---
# Sentry DSN (also can be configured via environment)
sentry_dsn: https://[email protected]/YYY
# Additional Grok pattern files
pattern_files:
- ./patterns1.txt
- ../patterns2.txt
# List of files that we want to watch
inputs:
- file: /var/log/nginx/error.log
# Patterns to find and report
patterns:
- "%{NGINX_ERROR_LOG}"
# Additional tags that will be added to the Sentry event
tags:
pattern: nginx_error
custom: tag
sentlog
uses Grok patterns to match your data. A cool thing about Grok expressions is that they can be nested, which lets you to define complex matching expressions based on smaller building blocks (example).
This Grok debugger can be quite helpful when preparing your Grok expressions: https://grokdebug.herokuapp.com/