Describes how to use CWP centralised logging

The logs for each environment you have on CWP are collected and stored in a centralised installation of Graylog.

You can access Graylog using your CWP log-in at the following URL: https://logs.cwp.govt.nz/.

In order to gain access to these logs please raise a general support request with the CWP Service Desk.

We provide a stream for each environment. Streams are where you can view and query the stored logs. These include Apache, PHP, and any custom events that you want to log.

Searching

Each search requires a time period to search and query strings (the default is 5 minutes). The query string uses Graylog's query syntax which you can find out more about by reading Graylog documentation.

To get you started with Graylog there are some predefined searches you can select from the top right corner. These are:

  • Apache Access Logs
  • PHP Errors (Notice, Warning, Fatal)

Following are a couple of examples on search queries:

  • Find logs of a certain type:

    log_type:apache

  • Find web requests for the url "/about-us/":

    http_url:"/about-us/"

  • Find web requests that begins with "/about-us/":

    http_url:\/about-us\/*

    Note that the following characters needs to be escaped with a backslash:

    && || : \ / + - ! ( ) { } [ ] ^ " ~ * ?

  • Find web requests that resulted in a 5xx error response: http_response:>=500

  • Find web requests that resulted in a 4xx error response:

    http_response:(>=400 AND <500)

Log types

CWP environments will automatically write several log types which can be searched with the log_type keyword in Graylog, as long as the project includes the cwp-core module.

  • SilverStripe_log: standard log output of the Framework, will capture all events occurring after successful Framework bootstrap. This includes uncaught exceptions and any Injector::inst()->get(LoggerInterface::class)->... events.
  • SilverStripe_audit: audit trail of security-related events provided by the silverstripe/auditor module.
  • apache: apache access logs.
  • apache-errors: errors reported by Apache, which could include mod_php segmentation faults.
  • php: PHP errors logged by the PHP binary directly, such as command-line PHP execution.

Analysis of logs

Graylog provides several tools to analyse your search results. To analyse a field from your search results, expand the field in the search sidebar and click on the button of the analysis you want to perform. search analysis

Field statistics

You can compute different statistics on your fields, to help you better summarise and understand the data in them.

The statistical information consists of: total, mean, minimum, maximum, standard deviation, variance, sum, and cardinality. On non-numeric fields, you can only see the total amount of messages containing that field, and the cardinality of the field, i.e. the number of unique values it has.

field_statistics

Quick values

You can use quick values to help you find out the distribution of values for a field. Alongside a graphic representation of the common values contained in a field, Graylog will display a table with all different values, allowing you to see the number of times they appear. You can include any value in your search query by clicking on the magnifying glass icon located in the value row. quick values

Field graphs

You can create field graphs for any numeric field, by clicking on the Generate chart button in the search sidebar. Using the options in the Customize menu on top of the field graph, you can change the statistical function used in the graph, the kind of graph to use to represent the values, the graph interpolation, as well as the time resolution.

field graphs

For more information see Graylog analysis documentation.

Logging custom events

The recipes are configured to send all logs to syslog, which are then accessible through Graylog. The recommended way to log events on CWP is through the SilverStripe logging API:

use Psr\Log\LoggerInterface;
use SilverStripe\Core\Injector\Injector;

// ...

Injector::inst()->get(LoggerInterface::class)->notice('Something seems to have happened');

For more information on general usage of the Framework's logging subsystem, see the logging in SilverStripe documentation.

Custom audit trail

Aside from regular logs, you can add custom events to the audit trail. Please follow the instructions provided with the silverstripe/auditor module.

Was this article helpful?