11 March 2013
In this article, you will learn how Adobe Media Server(AMS) can be configured to send logs to a remote logging server. This technique separates the software that generates messages from the system that stores them and the software that reports and analyzes them. Centralized logs management can be used for security auditing as well as generalized informational analysis, and debugging messages in clustered environments.
Adobe Media Server has a variety of log files to help you manage and troubleshoot the server. The log files track server activity, such as who is accessing the server, how users are working with applications, and general diagnostics. Logs are in W3C format. Administrators can use standard parsing tools to parse the log files.
Adobe Media Server can be configured to send logs to a remote logging server over UDP. To enable this, open the Logger.xml file in a text editor. The Logger.xml file is located in the root_install/conf folder.
In the Logger.xml file, search for the
<LogServer> tag. This tag has multiple occurrences in the Logger.xml file. You have the flexibility of sending different type of logs to different remote servers.
To enable remote logging for a particular type of log, set the enable attribute to true. Set the type of connection to use by specifying the type attribute as udp, which is the default. The section you need to edit is highlighted in Figure 1. After setting these configurations, restart the AMS Server.
Syslog is a standard for computer data logging. I have chosen it because it is installed on most Unix-based systems. The following steps demonstrate using AMS to log messages to a remote syslog server. It assumed that you have the required permissions to edit and restart services on the system where syslog is installed.
The first step in the process is to check if syslog is running on the system, or else install it. You can test if syslog is running by executing the following command:
>ps –aux |grep syslog root 30453 0.0 0.0 10124 764 ? Ss Jan25 0:00 syslogd -m 0
By default, syslogd logs messages at /var/log/messages. You can test that it's logging by running:
>logger -t ams "Hello logger"
and check if "Hello logger" is logged in /var/log/messages by using the tail command:
>tail –f /var/log/messages
Provide an additional startup parameter,
-r, to syslogd by editing /etc/sysconfig/syslog, as shown in Figure 2.
Restart the service using the following command:
Use netstat to check if syslog has started and is listening. By default, most of syslog's listening activity is over port number 514:
>netstat -a |grep syslog udp 0 0 *:syslog *:*
You can use NetCat/Nmap(ncat) to test:
>nc -u localhost 514 >Hello syslog
It should print "Hello syslog" in /var/log/messages. You should also try to send a UDP message from the system where AMS is installed. If it is a Windows system, you can use ncat (which comes with the nmap installation):
>ncat -u remote_syslog_server_ip 514
If you are not able to see the message, please diagnose further: for instance, check to see if your firewalls allow UDP packets to reach the remote logging server.
To enable remote logging for AMS access logs, in the
<LogSever> tag, set the
enable attribute to
true. Provide the syslog server IP address and port (514) and also set the connection type to UDP; then restart the AMS server. The section you need to edit is highlighted in Figure 3.
On the AMS system, open a browser of your choice and go to: http://localhost:8134/.
You should see the page shown in Figure 4:
Try to play different streams. If you're able to see logs in /var/log/messages on the remote syslog server, then your system is correctly configured.
Remote server logging is an easy and quick way to monitor and manage logs at a centralized location. This can be configured to log via UDP. Check out the following additional resources on this topic: