Hi, Centralizing logs is a good thing, but to also have non syslog-aware application log to a syslog daemon is generally a poor option. Depending on the amount of logs, there could very well be performance issues when logging from, for instance, apache to syslog. It might work very well in your case, but I'd rather focus on collecting all logs in a central site (i.e. a log server), and perform the 'consolidating' off-line. Naturally, your options depend on your requirements - what do you want to use the logs for? Security, statistics, performance monitoring etc? Afaik, it is possible to pipe the apache logs to any command, which could replicate each log line to a syslog daemon. On Linux you could probably use the 'logger' utility. The following is untested, but should work, assuming you're on linux. Edit your httpd.conf and add the following: CustomLog "| logger -i -p local7.info" combined That is, pipe all logs through the 'logger' utility with the facility and level of your choice, and log using the 'combined' log format. Just to get you started, anyway... ~Mike > On Behalf Of David Lynum > I'm setting up a central log server. My question concerns modifying > the syslog.conf file for both the client and central log servers. I > want to monitor apache access and error logs, as well as qmail and > qmail scanner log files. I'm new to setting up syslog servers, so I > need some help. By doing searchs on google I know, in general, how > to setup both the client and central log servers. I just can't > figure out how to specifically log apache/qmail/qmail-scanner logs. > _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Mar 30 2004 - 23:49:43 PST