$ sudo initctl start honeytail
$ sudo systemctl start honeytail
$ honeytail -c /etc/honeytail/honeytail.conf
Our connector pulls your PostgreSQL logs into Honeycomb for analysis, so you can finally get a quick handle on the database queries triggered by your application logic. It surfaces attributes like:
Honeycomb is unique in its ability to calculate metrics and statistics on the fly, while retaining the full-resolution log lines (and the original query that started it all!).
Note: This document is for folks running PostgreSQL directly. If you are running PostgreSQL on RDS, check out our RDS connector page to set up your RDS instance instead.
The agent you will use to translate logs to events and send them to Honeycomb is called honeytail
.
Before running honeytail
, you will want to turn slow query logging on for all queries if possible.
To turn on slow query logging, edit your postgresql.conf
and set:
log_min_duration_statement = 0
log_statement='none'
Note: log_statement
indicates which types of queries are logged, but is superseded when setting log_min_duration_statement
to 0
, as this effectively logs all queries.
Setting log_statement
to any other value will change the format of the query logs in a way that is not currently supported by the Honeycomb PostgreSQL parser.
Alternatively, you can set this from the psql
shell by running
ALTER SYSTEM SET log_min_duration_statement=0;
ALTER SYSTEM SET log_statement='none';
SELECT pg_reload_conf();
Finally, take note of the value of the log_line_prefix
configuration line. It will look something like this:
log_line_prefix = '%t [%p-%l] %q%u@%d '
On your PostgreSQL host, download and install the latest honeytail
by running:
# Download and install the AMD64 debian package
wget -q https://honeycomb.io/download/honeytail/v1.6.2/honeytail_1.6.2_amd64.deb && \
echo '620e189973c8930de22d24dc7d568ac5b2a41af681f03bace69d9c6eba3c0a15 honeytail_1.6.2_amd64.deb' | sha256sum -c && \
sudo dpkg -i honeytail_1.6.2_amd64.deb
# Download and install the ARM64 debian package
wget -q https://honeycomb.io/download/honeytail/v1.6.2/honeytail_1.6.2_arm64.deb && \
echo 'c2c844f51b9f29f6809b63b2554bbe9a045a8ff1b3e745ae050a46408244fa06 honeytail_1.6.2_arm64.deb' | sha256sum -c && \
sudo dpkg -i honeytail_1.6.2_arm64.deb
# Download and install the rpm package
wget -q https://honeycomb.io/download/honeytail/v1.6.2/honeytail-1.6.2-1.x86_64.rpm && \
echo 'c41bb62a97c0dd3af12cdc6bf2982aec82e58889e35479eb2b6c2b2106a33179 honeytail-1.6.2-1.x86_64.rpm' | sha256sum -c && \
sudo rpm -i honeytail-1.6.2-1.x86_64.rpm
wget -q -O honeytail https://honeycomb.io/download/honeytail/v1.6.2/honeytail-linux-amd64 && \
echo '6476024603b308e54469552b9f17161b5847a30bfe2137ed88ee5a9e7f6204fa honeytail' | sha256sum -c && \
chmod 755 ./honeytail
wget -q -O honeytail https://honeycomb.io/download/honeytail/v1.6.2/honeytail-linux-arm64 && \
echo '208843f6a01b94a848e192744be09c364e1d49e73447cb441f23ea2e5709f68c honeytail' | sha256sum -c && \
chmod 755 ./honeytail
wget -q -O honeytail https://honeycomb.io/download/honeytail/v1.6.2/honeytail-darwin-amd64 && \
echo 'bfd74588062fd2333f04c0878103d94fb542e4b91456ae5c8c10e6ad309286c7 honeytail' | shasum -a 256 -c && \
chmod 755 ./honeytail
# Build from latest source after setting up go
git clone https://github.com/honeycombio/honeytail
cd honeytail; go install
The packages install honeytail
, its config file /etc/honeytail/honeytail.conf
,
and some start scripts. Build honeytail
from source if you need it in an unpackaged form or for ad-hoc use.
Make sure you have enabled query logging before running honeytail
.
To consume the current slow query log from the beginning, run:
honeytail \
--writekey=YOUR_API_KEY \
--dataset=postgres-queries --parser=postgresql \
--postgresql.log_line_prefix=YOUR_LOG_LINE_PREFIX \
--file=/var/log/postgresql/postgresql-9.5-main.log \
--tail.read_from=beginning
First, check out honeytail
Troubleshooting for general debugging tips.
--debug
does not seem to show anything useful Take a look at the --file
being handed to honeytail
and make sure it contains PostgreSQL query statements.
An example excerpt from a PostgreSQL log file might look like:
2017-11-10 23:24:01 UTC [1998-1] LOG: autovacuum launcher started
2017-11-10 23:24:01 UTC [2000-1] [unknown]@[unknown] LOG: incomplete startup packet
2017-11-10 23:24:02 UTC [2003-1] postgres@postgres LOG: duration: 4.356 ms statement: SELECT d.datname as "Name",
pg_catalog.pg_get_userbyid(d.datdba) as "Owner",
pg_catalog.pg_encoding_to_char(d.encoding) as "Encoding",
d.datcollate as "Collate",
d.datctype as "Ctype",
pg_catalog.array_to_string(d.datacl, E'\n') AS "Access privileges"
FROM pg_catalog.pg_database d
ORDER BY 1;
Also check that the value you are passing in the --postgresql.log_line_prefix
flag matches PostgreSQL’s configured value, which you can find using SHOW log_line_prefix
at a psql
prompt:
# SHOW log_line_prefix;
log_line_prefix
---------------------
%t [%p-%l] %q%u@%d
If your log file looks like a normal PostgreSQL output log but honeytail
is still failing to send events to Honeycomb, let us know!
We are available to help anytime via email or chat
.
To run honeytail
continuously as a daemon process, first modify the configuration file /etc/honeytail/honeytail.conf
and uncomment and set:
ParserName
to postgresql
WriteKey
to your API key, available from the account pageLogFiles
to the path for your PostgreSQL log file.Dataset
to the name of the dataset you wish to create with this log file.Then start honeytail
using upstart
or systemd
:
$ sudo initctl start honeytail
$ sudo systemctl start honeytail
$ honeytail -c /etc/honeytail/honeytail.conf
You may have archived logs that you would like to import into Honeycomb.
If you have a log file located at /var/log/postgresql/postgresql-main.log
, you can backfill using this command:
honeytail \
--writekey=YOUR_API_KEY \
--dataset=PostgreSQL \
--parser=postgresql \
--file=/var/log/postgresql/postgresql-main.log \
--postgresql.log_line_prefix=YOUR_CONFIGURED_LOG_LINE_PREFIX \
--backfill
This command can be used at any point to backfill from archived log files.
You can read more about honeytail
’s backfill behavior here.
Note: honeytail
does not unzip log files, so you will need to do this before backfilling.
Once you have finished backfilling your old logs, we recommend transitioning to the default streaming behavior to stream live logs to Honeycomb.
While we believe strongly in the value of being able to track down the precise query causing a problem, we understand the concerns of exporting log data, which may contain sensitive user information.
With that in mind, we recommend using honeytail
’s PostgreSQL parser, but adding a --scrub_field=query
flag to hash the concrete query
value.
The normalized_query
attribute will still be representative of the shape of the query, and identifying patterns including specific queries will still be possible—but the sensitive information will be completely obscured before leaving your servers.
More information about dropping or scrubbing sensitive fields can be found here.
Honeytail is open source and Apache 2.0 licensed.
Did you find what you were looking for?