Re: [logs] Apache Logs

From: Bill Burge (billat_private)
Date: Tue Jan 29 2002 - 12:44:24 PST

Next message: William D. Colburn (aka Schlake): "Re: [logs] Apache Logs"

Previous message: Marcus J. Ranum: "Re: [logs] Apache Logs"
In reply to: rich: "Re: [logs] Apache Logs"
Next in thread: rich: "Re: [logs] Apache Logs"
Reply: rich: "Re: [logs] Apache Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you setup syslog correcty, your logs won't be "intertwingled".

You have one egrep -v to get rid of some syslog cruft.  Some other processing depending on how you want your logs to be formatted.

The advantage of not having to drop all the connections to your apache server in order to roll the logs is VERY significant if you're trying to do business via your web server.  Many things can be very stateful...  There are a couple of different ways to handle this, but not many, and they basically involve do some for of pipe ( "|" ) logging.

Since our apache servers are really firewalls (proxy for TCP:80 and TCP:443, packet filter for everything else) it was also very advisable to not have them creating log files locally for the only process that was available to an "unfiltered" world.  The apache doesn't read or write any file on the system that has direct influence by the URL submitted to it by the user.  It also moves the files to a system that can be accessed by our report writers without having to give them access to the firewall/webserver or having to find another method to move the files with an unattended system level trust such as scripted ftp or scp.

Bill Burge

*********** REPLY SEPARATOR  ***********

On 1/29/2002 at 11:39 AM rbfat_private wrote:

>> As far as the access logs go, if you're running a busy webserver, then
> > the access logs can get pretty big. What benefit does everyone perceive
> > from piping the access logs out to syslog? 
>
>Remarkably little. If there is something that you really need syslogged,
>you can tail the access log | grep interesting | logger. As you say,
>there's way too much in a busy server's access log. Another reason not
>to do this is the access logs will be intertwingled with system
>messages, confusing httpd log analyzers.
>
>I think Roy was asking would the access logs still be sent to the apache
>log area if you redirect them to syslogd, which I suspect is not the
>case unless you tee them there.
>
>-- Rich Fuchs rbfat_private (*nix systems programmer, Research
>Libraries Group)
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: loganalysis-unsubscribeat_private
>For additional commands, e-mail: loganalysis-helpat_private

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: William D. Colburn (aka Schlake): "Re: [logs] Apache Logs"
Previous message: Marcus J. Ranum: "Re: [logs] Apache Logs"
In reply to: rich: "Re: [logs] Apache Logs"
Next in thread: rich: "Re: [logs] Apache Logs"
Reply: rich: "Re: [logs] Apache Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 29 2002 - 13:01:56 PST