Log Management with Graylog: Send Log Events to Graylog

Read how to send log events to Graylog with Wonolog.

With log management in Graylog you can administer all log events in one place. Through Monolog, Inpsyde\Wonolog offers a large number of ways to send log events to a wide variety of endpoints. Besides a short overview of Graylog, I want to give you some tips on how to use our package Wonolog to send your log events to Graylog.

What’s Graylog?

Graylog is an open source log management system (LMS) to collect, index and analyze data. To store and search the data, Graylog uses Elasticsearch and MongoDB. Graylog is easy to extend and already offers a lot of additional functionality via plugins.

Why use Graylog?

That’s a good question, and the answer is certainly open to discussion. In short: we want to have a central place where log events are collected and evaluated.

By default, Wonolog writes log events into a file on the server. Unfortunately, this file has to be analyzed manually to find, for example, errors. Graylog automates this task. It also lets us react early to incidents with the help of so-called “triggers” and “alerts”. Triggers can be created on various data fields such as the log level (error, critical, fatal, …) or the channel (e.g. “plugin X”) and can cause appropriate alerts like “Send an email to person X”. Graylog administers all of this centrally, without any need to adjust the source code. In addition, Graylog offers a web UI with authentication, user management and a customizable dashboard.

Send Data

In order to send data to Graylog, you need to extend Wonolog’s bootstrap process by passing a Monolog\Handler\GelfHandler as the first argument. This handler, in turn, needs a publisher as its first argument. For this purpose we need to load the external package graylog2/gelf-php, as Monolog doesn’t ship it. Simply install the package via Composer:

$ composer require graylog2/gelf-php

So our mu-plugin contains this code:

<?php declare( strict_types=1 ); # -*- coding: utf-8 -*-
/**
 * Plugin Name: Inpsyde advent calendar logging
 */

namespace Inpsyde\AdventCalendar\Logging;

use Gelf\Publisher;
use Gelf\Transport\TcpTransport;
use Monolog\Handler\GelfHandler;

// Do nothing if Wonolog is not installed.
$func = '\Inpsyde\Wonolog\bootstrap';
if ( ! function_exists( $func ) ) {
    return;
}

// getenv() returns a string, or false when the variable is not set.
$host    = getenv( 'GRAYLOG_HOST' );
$port    = getenv( 'GRAYLOG_PORT' );
$handler = ( $host && $port )
    ? new GelfHandler(
        new Publisher(
            // Cast the port: under strict_types a string is rejected where an int is declared.
            new TcpTransport( $host, (int) $port )
        )
    )
    : null;

// A null handler makes Wonolog fall back to its default handler.
$func( $handler );

We use environment variables to configure Graylog’s host and port. That way we can use different hosts depending on the system we want to use (e.g. live, stage or dev). Environment variables can be set in the .env file using, for example, WPStarter. If the host or the port isn’t configured, Wonolog falls back to the default handler.
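
The following variant is an added example, not the code from the original post or from the Wonolog project: it validates the two environment variables, optionally sends GELF over TLS instead of plaintext TCP, and keeps an unreachable Graylog from throwing into the request. The namespace, the function name and the GRAYLOG_CA_FILE variable are assumptions, and the TLS path assumes the GELF TCP input in Graylog has TLS enabled.

```php
<?php declare( strict_types=1 );
/**
 * Plugin Name: Graylog logging with validated config and TLS (added example)
 */

namespace Example\Logging; // hypothetical namespace

use Gelf\Publisher;
use Gelf\Transport\SslOptions;
use Gelf\Transport\TcpTransport;
use Monolog\Handler\GelfHandler;
use Monolog\Handler\HandlerInterface;
use Monolog\Handler\WhatFailureGroupHandler;

/** Returns the Graylog handler, or null so Wonolog uses its default handler. */
function graylog_handler_from_env(): ?HandlerInterface {
    $host = getenv( 'GRAYLOG_HOST' );
    // Accept only a real TCP port; a typo in .env must not reach the socket layer.
    $port = filter_var(
        getenv( 'GRAYLOG_PORT' ),
        FILTER_VALIDATE_INT,
        [ 'options' => [ 'min_range' => 1, 'max_range' => 65535 ] ]
    );
    if ( ! is_string( $host ) || $host === '' || $port === false ) {
        return null;
    }

    $ssl     = null;
    $ca_file = getenv( 'GRAYLOG_CA_FILE' ); // assumed variable: CA bundle for the Graylog input
    if ( is_string( $ca_file ) && $ca_file !== '' ) {
        if ( ! is_readable( $ca_file ) ) {
            return null; // TLS was requested but cannot be verified: do not downgrade to plaintext
        }
        $ssl = new SslOptions();
        $ssl->setVerifyPeer( true );
        $ssl->setAllowSelfSigned( false );
        $ssl->setCaFile( $ca_file );
    }

    $transport = new TcpTransport( $host, $port, $ssl );
    $transport->setConnectTimeout( 2 ); // seconds; keeps a dead Graylog from stalling page loads

    // WhatFailureGroupHandler swallows exceptions thrown by the wrapped handler.
    return new WhatFailureGroupHandler( [ new GelfHandler( new Publisher( $transport ) ) ] );
}

$func = '\Inpsyde\Wonolog\bootstrap';
if ( function_exists( $func ) ) {
    $func( graylog_handler_from_env() );
}
```

Without GRAYLOG_CA_FILE the handler behaves like the original and sends log events unencrypted, so that setup only fits a trusted network segment.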