RE: [logs] Central log server for Apache and qmail log files

From: Mike Blomgren (mike.blomgren@private)
Date: Tue Mar 30 2004 - 23:47:28 PST


Centralizing logs is a good thing, but to also have non syslog-aware
application log to a syslog daemon is generally a poor option. Depending on
the amount of logs, there could very well be performance issues when logging
from, for instance, apache to syslog. It might work very well in your case,
but I'd rather focus on collecting all logs in a central site (i.e. a log
server), and perform the 'consolidating' off-line.

Naturally, your options depend on your requirements - what do you want to
use the logs for? Security, statistics, performance monitoring etc?

Afaik, it is possible to pipe the apache logs to any command, which could
replicate each log line to a syslog daemon. On Linux you could probably use
the 'logger' utility.  The following is untested, but should work, assuming
you're on linux. Edit your httpd.conf and add the following:

CustomLog "| logger -i -p" combined

That is, pipe all logs through the 'logger' utility with the facility and
level of your choice, and log using the 'combined' log format.

Just to get you started, anyway...


> On Behalf Of David Lynum

> I'm setting up a central log server.  My question concerns modifying 
> the syslog.conf file for both the client and central log servers.  I 
> want to monitor apache access and error logs, as well as qmail and 
> qmail scanner log files.  I'm new to setting up syslog servers, so I 
> need some help.  By doing searchs on google I know, in general, how 
> to setup both the client and central log servers.  I just can't 
> figure out how to specifically log apache/qmail/qmail-scanner logs.

LogAnalysis mailing list

This archive was generated by hypermail 2b30 : Tue Mar 30 2004 - 23:49:43 PST