Log storage: Graylog Logstore

logstore_graylog
Maintained by Picture of Binoj DBinoj D
Logstore plugin for moodle to ship logs to graylog or other log backends which supports the GELF format. This plugin requires that you have a working Graylog/GELF compatible log management node. Graylog can be downloaded for free from graylog2.org. Transport protocols TCP and UDP are supported.
12 sites
9 downloads
2 fans
Current versions available: 1

Logstore plugin for moodle to ship logs to graylog or other log backends which supports the GELF format. This plugin requires that you have a working Graylog node. Graylog can be downloaded for free from graylog2.org. Transport protocols TCP and UDP are supported.

Log timestamp in Graylog is directly taken from moodle log entry's timecreated. Useful when importing logs from moodle to graylog in a live moodle installation.

The array in other column in standard logstore is sent as a JSON string as of now. Users can use the "JSON Extractor" feature of Graylog in the other field to store them as separate fields in Graylog.


Potential privacy issues

Transmits log data over network. TLS encryption is not yet implemented. Please use VPN or some form of tunneling if not sending data over trusted network.

Screenshots

Screenshot #0
Screenshot #1
Screenshot #2

Contributors

Picture of Binoj D
Binoj D (Lead maintainer)
Please login to view contributors details and/or to contact them

Comments RSS

Comments

  • Me!
    Thu, Dec 15, 2016, 5:01 PM
    Thanks for submitting this plugin. I've started looking at it and will have some feedback for you soon.
  • Me!
    Fri, Dec 16, 2016, 9:45 AM
    Thanks again - I've finished looking at this plugin. This looks like a very nicely written plugin that does one thing very well. I used a docker container to setup Graylog which was pretty easy to setup. Installing this plugin was simple and I had no problems getting it to work.

    Suggestions for improvement:
    1. if the graylog server is not available or not configured correctly yet, this plugin can trigger fatal php exceptions. (PHP Fatal error: Uncaught RuntimeException: Incomplete write: Only 0 of 287 written in /home/damyon/moodles/integration_master/moodle/admin/tool/log/store/graylog/vendor/graylog2/gelf-php/src/Gelf/Transport/StreamSocketClient.php). I think it's worth catching exceptions in this case as it will cause ajax requests to fail etc.
    2. The lock in the scheduled task is unnecessary. Scheduled tasks are locked already so no 2 nodes will ever be running the same scheduled task at the same time.

    These suggestions are very minor and I recommend this plugin is approved in it's current state.
  • Picture of Binoj D
    Fri, Dec 16, 2016, 8:02 PM
    Thanks for your valuable suggestions.

    I've removed the unnecessary lock and also now catching the RuntimeException raised when Graylog server is not available when the plugin is configured to use TCP Transport. I have also added a new TCP Timeout setting, in case the plugin is configured to use a TCP Transport along with realtime mode. If Graylog is not available or is responding slowly, this should help reduce the page load time to, at worst case, the configured timeout value.

    One improvement which can be helpful with Graylog availability, provided the plugin is configured properly, is to have a scheduled task hit the Graylog availability API every minute/every 5 minutes and update availability in the config table, so that in realtime mode, the plugin can skip flushing if Graylog is down. Suggestions/Feedbacks please?
  • Picture of Johan Thomas
    Mon, Oct 16, 2017, 9:39 PM
    Thanks for this great plugin ! Really helps us for statistics, analytics with lookup tables in Graylog.
    We have multiple instances of Moodle, is there a way to have a field with the instance name ? (or how to handle it ?)
Please login to post comments