Sending PHP Event Messages to Remote Logstash on Windows

By opening this article you’ve set out to expand your knowledge of PHP applications as part of event-based distributed systems. You’ll be given a quick intro into what we mean by event messages, what Logstash is, and why it is so cool.

If you’ve already heard of Beats or understand you can run Logstash locally to ship logs to another Logstash instance or directly to a datastore such as Elasticsearch, this article is still for you and will show you an easy-to-configure-and-run, hopefully more effective and certainly fun-to-use alternative.

Quick Intro into Event Messages and Logstash

With event messages, we gather information about events that occur in our applications, be it business-oriented decisions of the applications’ users, decisions made by the applications themselves, or their failures. Each event, besides the message it conveys, is typically characterized by a timestamp and a type such as informational, warning or error. A record of an event is an event log.

Additionally, there’s also Event Sourcing – a somewhat different but also somewhat similar concept which you may want to check out.

There are many tools built specifically for the purpose of shipping logs to datastores for later analysis and making knowledge-based decisions. Logstash is one of them, and because of the vast number of input, output, codec and filter plugins it offers, the most popular. Out of the box, it can read from Heroku app logs, GitHub webhooks or Twitter Streaming API, create new events and send them to Graylog, IRC, or JIRA.

The event messages would ordinarily be of interest to the users of your applications, too. In an application, one page would generate events and another one would display them in an aggregated form.

Let’s consider an example where the first page publishes new blog posts and the other one lists all blog posts related to PHP that have been published in the last month. The application could have talked to a relational database directly for both read and write. But with event messages it is decoupled from the database so other subscribers can be added easily, e.g. an email list or a more performant datastore like Elasticsearch.

Publishing Events

For quick comparison, let’s first consider event publishing on Linux with Rsyslog, the favorite syslog of many computer systems.

Running this simple one-liner will write “Hello World!” to syslog.

php -r "openlog('greeting', LOG_NDELAY, LOG_USER); syslog(LOG_INFO, 'Hello World!');"

Since both Rsyslog and Logstash use RELP, a TCP-based protocol for reliable delivery of event messages, sending that message to Logstash requires adding only two short statements to the Rsyslog configuration file.

$ModLoad omrelp
if $source == 'PHP-5.5.37' then :omrelp:centralserv:2514

This works provided that Logstash is listening on centralserv, port 2514.
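
The following added example, which is not code from the original article, publishes an event carrying the message, timestamp and type described earlier as one JSON line through the same openlog()/syslog() calls as the one-liner. The function names, the 'blog' ident and the sample title are assumptions, and PHP 7.2 or later is assumed.

```php
<?php
// Added example, not code from the original article. Requires PHP 7.2+.
// Function names, the 'blog' ident and the sample values are hypothetical.

const EVENT_PRIORITIES = [
    'info'    => LOG_INFO,
    'warning' => LOG_WARNING,
    'error'   => LOG_ERR,
];

// Build one event (message, timestamp, type) as a single-line JSON document.
function build_event(string $type, string $message, array $context = []): string
{
    if (!array_key_exists($type, EVENT_PRIORITIES)) {
        throw new InvalidArgumentException("unknown event type: $type");
    }
    $event = [
        'timestamp' => gmdate('Y-m-d\TH:i:s\Z'),
        'type'      => $type,
        'message'   => $message,
        'context'   => $context,
    ];
    // json_encode() escapes CR, LF and other control characters, so a
    // user-supplied value cannot begin a second, forged syslog record.
    // Invalid UTF-8 is substituted instead of making the encode fail.
    $json = json_encode($event, JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
    if ($json === false) {
        throw new RuntimeException('cannot encode event: ' . json_last_error_msg());
    }
    return $json;
}

// Write the event to the local syslog, which forwards it over RELP.
function publish_event(string $type, string $message, array $context = []): void
{
    $line = build_event($type, $message, $context);
    openlog('blog', LOG_NDELAY, LOG_USER);
    syslog(EVENT_PRIORITIES[$type], $line);
    closelog();
}

// Constructed sample: a post title carrying an embedded line break.
$title = "PHP tips\r\nforged entry";
publish_event('info', 'post_published', ['title' => $title, 'tag' => 'php']);
echo build_event('info', 'post_published', ['title' => $title]), PHP_EOL;
```

Because every event is one JSON object per line, the receiving side can parse the fields directly instead of pattern-matching free text.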
