Papertrail is an awesome log aggregation service we’ve used for a long time. There are many ways to send logs to Papertrail, but we found the following solution to be the most straightforward and secure for Rails apps like ours.
- Add remote_syslog_logger to Gemfile
    gem 'remote_syslog_logger'
- Configure logger in config/environments/production.rb
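    # Send Rails logs to the local rsyslog daemon over UDP.
    # "YOUR_APP_NAME" is a placeholder for the program name attached to each log line.
    config.logger = ActiveSupport::TaggedLogging.new(RemoteSyslogLogger.new("localhost", 514, :program => "YOUR_APP_NAME"))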
- Create papertrail.config in the .ebextensions folder with the following content:
    ---
    packages:
      yum:
        rsyslog-gnutls: []

    files:
      "/etc/rsyslog.d/01-udp.conf":
        mode: "000640"
        owner: root
        group: root
        content: |
          $ModLoad imudp
          $UDPServerRun 514

      "/etc/rsyslog.d/02-papertrail-tls.conf":
        mode: "000640"
        owner: root
        group: root
        content: |
          $DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs
          $ActionSendStreamDriver gtls # use gtls netstream driver
          $ActionSendStreamDriverMode 1 # require TLS
          $ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
          $ActionSendStreamDriverPermittedPeer *.papertrailapp.com

    container_commands:
      01_copy_ca_certs:
        command: cp ./.ebextensions/papertrail-bundle.pem /etc/papertrail-bundle.pem
      02_install_rsyslog_config:
        command: /bin/echo "*.* @@${SYSLOG_HOST}" > /etc/rsyslog.d/03-papertrail.conf
      03_restart_rsyslog:
        command: "/sbin/service rsyslog restart"
- Download the latest Papertrail certificate into the .ebextensions folder:
    curl https://papertrailapp.com/tools/papertrail-bundle.pem > .ebextensions/papertrail-bundle.pem
- Configure the SYSLOG_HOST environment variable for each deployment environment. If you use eb_deployer, you can add a new option_settings entry such as:
    - namespace: aws:elasticbeanstalk:application:environment
      option_name: SYSLOG_HOST
      value: logs2.papertrailapp.com:xxxx
- Package, deploy and verify logs are sent to Papertrail
Basically the solution can be described as:
- The Rails app sends logs directly to the rsyslog daemon on localhost over UDP. UDP is a fire-and-forget protocol, so it helps improve logging performance.
- The rsyslog daemon then forwards the logs to the Papertrail syslog host over TCP with TLS encryption. Because production logs may contain sensitive information, we must deliver them through a reliable and secure channel.
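
The TLS guarantees described above depend on every directive in 02-papertrail-tls.conf being present and on the forwarding rule using `@@` (TCP) rather than `@` (UDP). The Ruby script below is an added example, not part of the original post: it audits rsyslog legacy-format text for those settings, and it is order-sensitive because rsyslog applies legacy `$Action...` directives only to actions defined after them. The function name, the sample configs and the port 12345 are constructed for illustration.

```ruby
# Added example, not from the original post. Audits rsyslog legacy-format
# config text for the TLS forwarding settings used in the .ebextensions file.
GLOBAL_RULES = { "$DefaultNetstreamDriverCAFile" => /\S/ }.freeze # CA bundle set
ACTION_RULES = {                                  # must precede the forward rule
  "$ActionSendStreamDriver"              => /\Agtls\z/,        # TLS driver
  "$ActionSendStreamDriverMode"          => /\A1\z/,           # 1 = require TLS
  "$ActionSendStreamDriverAuthMode"      => %r{\Ax509/name\z}, # check cert name
  "$ActionSendStreamDriverPermittedPeer" => /\S/               # expected peer
}.freeze

def audit_rsyslog_forwarding(text)
  seen = {}
  findings = []
  forwards = 0
  text.each_line do |raw|
    line = raw.strip.sub(/\s+#.*\z/, "")          # drop trailing comments
    next if line.empty? || line.start_with?("#")
    if line.start_with?("$")
      name, value = line.split(/\s+/, 2)
      seen[name] = value.to_s
    elsif (m = line.match(/\A\S+\s+(@{1,2})(\S+)\z/))
      forwards += 1
      findings << "#{m[2]}: single @ means UDP, sent in cleartext" if m[1] == "@"
      ACTION_RULES.each do |name, ok|
        findings << "#{m[2]}: #{name} not set as required before this rule" unless seen[name]&.match?(ok)
      end
    end
  end
  GLOBAL_RULES.each { |name, ok| findings << "#{name} not set" unless seen[name]&.match?(ok) }
  findings << "no forwarding rule found" if forwards.zero?
  findings
end

# Constructed samples: the port 12345 is a placeholder, not a real destination.
HARDENED = <<~'CONF'
  $ModLoad imudp
  $UDPServerRun 514
  $DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs
  $ActionSendStreamDriver gtls # use gtls netstream driver
  $ActionSendStreamDriverMode 1 # require TLS
  $ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
  $ActionSendStreamDriverPermittedPeer *.papertrailapp.com
  *.* @@logs2.papertrailapp.com:12345
CONF
WEAK = <<~'CONF'
  $ActionSendStreamDriverMode 0
  *.* @logs2.papertrailapp.com:12345
CONF

puts audit_rsyslog_forwarding(HARDENED).inspect
puts audit_rsyslog_forwarding(WEAK)
```

On a deployed instance, the same function can be run over the concatenated contents of /etc/rsyslog.d/*.conf in filename order, which is the order the numbered file names above rely on.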