close
Loggly1

Loggly DashboardLoggly is a Logging as a Service provider that’s become very popular lately. Loggly allows Applications and Systems to write log data into the cloud using various application libraries. But at a very basic level you can post log data to Loggly’s RESTful API. Loggly then provides a dashboard for searching and filtering log data. Alerts can also be created to notify you of different log events occurring.

In Powershell we’ve all logged information to the Windows Eventlog or even text files. But if you’re running multiple scripts on multiple servers, logging to each server’s Event Log quickly becomes unwieldy. Writing logs to a central location is much more useful. A cloud service is perfect for this, and Loggly does it well.

Using Loggly in Powershell

After setting up my account with Loggly, which was a very smooth process, I started reading their documentation for how to submit log data. Loggly provides a .NET Driver that’s available through Nuget that would work in Powershell. But I had two problems with this approach. It required .NET 3.5, which may not be on some of the older servers. And I usually try to keep additional DLL dependencies to a minimum in my scripts. So I decided to just POST to the RESTful service and this turned out to work very well. Loggly has a pretty large list of libraries support most popular frameworks.

I wrote up a test script on my laptop using the Invoke-WebRequest cmdlet. I decided to send data in JSON format instead of a flat string. I created fields for the server name running the script, Category of script, and Log Level. Using Loggly’s search features I could slice and dice this data later. The script was pretty straight forward, but when I tested on a server I remembered Invoke-WebRequest was introduced in Powershell v3, and some of the servers only had v2. If you only have Powershell v3, I’d use this method. But if you have a mix, keep reading.

$logglyURI = "http://logs-01.loggly.com/inputs/LOGGLY-KEY/tag/http/"

function Send-Loggly($log, $lvl)
{
   Invoke-WebRequest -Uri $logglyURI -Body '{"Message":"' + $log + '", "Server":"' + $env:computername + '","Category":"ApplicationLogScan","Level":"' + $lvl + '"}' -ContentType "content-type:application/x-www-form-urlencoded" -Method Post
}

Send-Loggly "Test Message from Powershell" "Information"

To make this backwards compatible with Powershell v2 I decided to just use the .NET WebClient class. Using the UploadString to POST my log message worked very well.

$logglyURI = "http://logs-01.loggly.com/inputs/LOGGLY-KEY/tag/http/"

function Send-Loggly($log, $lvl)
{
	$client = New-Object System.Net.WebClient
	$response = $client.UploadString($logglyURI,'{"Message":"' + $log + '", "Server":"' + $env:computername + '","Category":"ApplicationLogScan","Level":"' + $lvl + '"}')
    Write-Host "Loggly: " $response
}

Send-Loggly "Test Message from Powershell" "Information"

Loggly3In the end it’s a very nice solution for handling logging in Powershell. Loggly provides a free account that allows for 200MB of data to be sent with a 7 day retention. So there’s not reason not to start trying Loggly out in your next Powershell script.

Tags : automationdevopslogglypowershell
Byron Pate

The author Byron Pate

  • Nice! Curious to see what type of data you are posting to API. I’m currently working on get-winevents ¦ convertto-Json then post to the Loggly bulk upload API. It’s working but I’m trying to find the best/fastest way to post each individual event. Would love to hear your experiences if you are doing similar 🙂

  • I’ve been logging custom events that are the result of other scripts. Like search the event logs of several servers for a certain eventid, if you find it write my own JSON message to Loggly. To me, sending all the events to Loggly was overkill. But I do agree being able to search all that data through Loggly is a nice feature. I’m not sure if there’s a faster way than what your’re doing for bulk upload. Maybe export all the events to CSV and upload the file? I’d have to check Loggly documentation to see if that’s possible.