Send Apache Logs to Mongodb
Last updated
Last updated
This article explains how to use Fluentd's MongoDB Output plugin (out_mongo) to aggregate semi-structured logs in realtime.
Fluentd is an advanced open-source log collector originally developed at Treasure Data, Inc. Because Fluentd handles logs as semi-structured data streams, the ideal database should have strong support for semi-structured data. Several candidates meet this criterion, but we believe MongoDB is the market leader.
MongoDB is an open-source, document-oriented database developed at MongoDB, Inc. It is schema-free and uses a JSON-like format to manage semi-structured data.
This article will show you how to use Fluentd to import Apache logs into MongoDB.
The figure below shows how things will work:
Fluentd does these three (3) things:
It continuously "tails" the access log file.
It parses the incoming log entries into meaningful fields (such as ip,
path, etc.) and buffers them.
It writes the buffered data to MongoDB periodically.
For simplicity, this article will describe how to set up a one-node configuration. Please install the following software on the same node:
Apache (with the Combined Log Format)
The MongoDB Output plugin is included in the latest version of Fluentd's deb/rpm package. If you want to use RubyGems to install the plugin, please use gem install fluent-plugin-mongo.
For MongoDB, please refer to the following downloads page:
Let's start configuring Fluentd. If you used the deb/rpm package, Fluentd's config file is located at /etc/td-agent/td-agent.conf. Otherwise, it is located at /etc/fluentd/fluentd.conf.
For the input source, we will set up Fluentd to track the recent Apache logs (typically found at /var/log/apache2/access_log). The Fluentd configuration file should look like this:
Please make sure that your Apache outputs are in the default combined format. format apache2 cannot parse custom log formats. Please see the in_tail article for more details.
Let's go through the configuration line by line:
@type tail: The tail Input plugin continuously tracks the log
file. This handy plugin is included in Fluentd's core.
@type apache2 in <parse>: Uses Fluentd's built-in Apache log parser.
path /var/log/apache2/access_log: The location of the Apache log.
This may be different for your particular system.
tag mongo.apache.access: mongo.apache.access is used as the tag to route
the messages within Fluentd.
That's it! You should now be able to output a JSON-formatted data stream for Fluentd to process.
The output destination will be MongoDB. The output configuration should look like this:
The match section specifies the regexp used to look for matching tags. If a matching tag is found in a log, then the config inside <match>...</match> is used (i.e. the log is routed according to the config inside). In this example, the mongo.apache.access tag (generated by tail) is always used.
The ** in mongo.** matches zero or more period-delimited tag parts (e.g. mongo/mongo.a/mongo.a.b).
flush_interval specifies how often the data is written to MongoDB. The other options specify MongoDB's host, port, db, and collection.
For additional configuration parameters, please see the MongoDB Output plugin article. If you are using ReplicaSet, please see the MongoDB ReplicaSet Output plugin article.
To test the configuration, just ping the Apache server. This example uses the ab (Apache Bench) program:
Then, access MongoDB and see the stored data:
Fluentd + MongoDB makes real-time log collection simple, easy, and robust.
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
