Not sure on that last post. Each webserver's vhosts name the logs in the following manner (ws = webserver);<br>ws1.sitename.com-access<br>ws1.sitename.com-error<br>ws1.othersite.com-access ... and so on. <br><br>So I simply want to send every file (rather than logging locally) to go to the central. When I look at the central, I will have only log folder with;<br>
ws1.sitename.com-access<br>ws2.sitename.com-access ... and so on<br><br>The post above noticed I was doing a folder (/var/log/apache2) where I don't know if you can say for the source /var/log/apache2/* or something.<br>
<br>I am also puzzled as this to me is a real basic thing. Take ALL apache logs and send to remote box. No-one has come and said, here is my config and it works fine. Just something that I can look at an entire server and client to see how it's done (which is why I posted mine).<br>
<br>Really thought this was an easy thing. Even using webmin. There is no clear cut, a server is setup like this, remote client like that. Frustrating is not even the start of how to describe this, but thanks for all replies so far.<br>
<br><div class="gmail_quote">On Tue, Jul 21, 2009 at 3:44 AM, Siem Korteweg <span dir="ltr"><<a href="mailto:Siem.Korteweg@qnh.nl">Siem.Korteweg@qnh.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Lance,<br>
<br>
Depending on how you want to process the collected logfiles, you can also<br>
configure Apache:<br>
<br>
ErrorLog syslog:local1<br>
CustomLog "|/usr/bin/logger -t apache -i -p local6.notice" combined<br>
<br>
This can be done global (for all virtual hosts) or per virtual host. How to<br>
add the name of the virtual host to the messages in the access logs can be<br>
found here: <a href="http://httpd.apache.org/docs/2.0/logs.html" target="_blank">http://httpd.apache.org/docs/2.0/logs.html</a><br>
<br>
All that remains to be done is to forward syslog from the client with the<br>
webservers to the syslog-ng server.<br>
<br>
regards,<br>
<br>
Siem Korteweg<br>
<br>
-----Original message-----<br>
From: <a href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a> on behalf of lance raymond<br>
Sent: Tue 21-7-2009 4:07<br>
To: Syslog-ng users' and developers' mailing list<br>
Subject: Re: [syslog-ng] Before the basic 101 questions<br>
<div><div></div><div class="h5"><br>
Joe, thanks for the update. Yes, that is the directory name. Now<br>
regarding the "file", I will start a little more reading, but I don't think<br>
I would have to do this for each file right? This server (along with the<br>
others in the cluster) have 12 or so virtual sites, each with its own<br>
access and error log, so that would be at least 24 'file' sources. Is there<br>
a way to wildcard it?<br>
<br>
Also, (I know this too is a basic Q) but are these defined on the<br>
server/client or both? I still don't see how they mesh, but soon, oh soon<br>
when that light comes on!<br>
<br>
Thanks<br>
<br>
On Mon, Jul 20, 2009 at 8:38 PM, Fegan, Joe <<a href="mailto:Joe.Fegan@hp.com">Joe.Fegan@hp.com</a>> wrote:<br>
<br>
> I'm no apache expert, but I think /var/log/apache2 is the name of a<br>
> directory that contains apache log files, right? But you have defined it as<br>
> a unix-stream source:<br>
><br>
> source inputs { internal();<br>
> unix-stream("/var/log/apache2");<br>
> udp();<br>
> tcp(max_connections(100)); };<br>
><br>
> unix-stream is for reading a socket, not a directory, so this can't work...<br>
><br>
> You can use "file" sources for individual files in that directory..<br>
><br>
> ------------------------------<br>
> *From:* <a href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a> [mailto:<br>
> <a href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a>] *On Behalf Of *lance raymond<br>
> *Sent:* 20 July 2009 21:52<br>
> *To:* Syslog-ng users' and developers' mailing list<br>
> *Subject:* Re: [syslog-ng] Before the basic 101 questions<br>
><br>
> ok, here is the update. I have built a standalone ubuntu box to be the<br>
> central server so now have that I can 'play' with. It's a clean install, and<br>
> really not sure what to do as this list seems to be the best resource. So,<br>
> I would think you can specify 'a' logfile, but I need ALL the apache logs<br>
> centrally located, so going to say, take everything from /var/log/apache2<br>
> and send it to the central log server.<br>
><br>
> The central log server as I said is a default setup, due to size, I copied<br>
> them up to a play webserver, the server can be seen here;<br>
</div></div>> server.conf <<a href="http://www.darkerforce.com/server.conf" target="_blank">http://www.darkerforce.com/server.conf</a>><br>
<div class="im">> and the client here (the only thing changed is the remote IP)<br>
</div>> client.conf <<a href="http://www.darkerforce.com/client.conf" target="_blank">http://www.darkerforce.com/client.conf</a>><br>
<div><div></div><div class="h5">><br>
> When left like that and syslog-ng is started on the client I get the<br>
> following;<br>
><br>
> Error binding socket; addr='AF_UNIX(/var/log/apache2)', error='Address<br>
> already in use (98)'<br>
> Error initializing source driver; source='inputs'<br>
><br>
> As I said before, I am not looking for anything complex, etc. Just want<br>
> ALL the weblogs to go to one box which is really the function of syslog-ng.<br>
> I am sure there is one or two things that need a tweak, and I can go from<br>
> there.<br>
><br>
> Thanks.<br>
><br>
><br>
> On Wed, Jul 15, 2009 at 3:45 AM, Sandor Geller <<br>
> <a href="mailto:Sandor.Geller@morganstanley.com">Sandor.Geller@morganstanley.com</a>> wrote:<br>
><br>
>> Hi,<br>
>><br>
>> On Tue, Jul 14, 2009 at 10:06 PM, lance raymond<<a href="mailto:lance.raymond@gmail.com">lance.raymond@gmail.com</a>><br>
>> wrote:<br>
>> > What I thought of was to make each file unique;<br>
>> > ws = webserver;<br>
>> ><br>
>> > ws1.domain.com-access_log<br>
>> > ws2.domain.com-access_log<br>
>> ><br>
>> > and just write them each to an nfs share.<br>
>><br>
>> It's not the name of the files which matter. When a single process<br>
>> (like syslog-ng) writes to a file then NFS behaves well. The problems<br>
>> start when there are multiple processes trying to access the same<br>
>> file. Disabling attribute caching in the NFS client could help, but<br>
>> this could have a big impact on performance.<br>
>><br>
>> > Not flaming the group at all, actually Bazsi your name shows up more than<br>
>> > any of my normal mail :) But, I have tried twice with a reply or two, and<br>
>> > once conf files were sent up and/or shown the thread died. I see some very<br>
>> > interesting questions, answers on the group and it would be nice to see some<br>
>> > of these things, but really, I am talking about a handful of webservers<br>
>> > (nothing fancy) just to write to a central log and it's not working. The<br>
>> > basic syslog @server worked perfect, since the platform updates, just not<br>
>> > working, but I appreciate the reply.<br>
>><br>
>> So could you please tell what is the actual problem?<br>
>><br>
>> Regards,<br>
>><br>
>> Sandor<br>
>><br>
>><br>
>> ______________________________________________________________________________<br>
>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>> Documentation:<br>
>> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>> FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
>><br>
>><br>
><br>
><br>
><br>
><br>
><br>
><br>
<br>
</div></div><br>
<br>
<br></blockquote></div><br>
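Added example, not part of the original thread: because `unix-stream()` cannot read a directory and each log needs its own `file()` source, this shell function generates one stanza per `*-access` and `*-error` file on a client. The syslog-ng 3.x options `follow_freq()`, `flags(no-parse)` and `program_override()`, the names `s_apache` and `d_central`, and the address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Emit a syslog-ng client fragment with one file() source per Apache log.
# Assumptions (not from the thread): syslog-ng 3.x option names, the
# source/destination names, and 192.0.2.10 as a placeholder central server.
gen_apache_sources() {
    logdir=$1
    central=$2
    echo "source s_apache {"
    for f in "$logdir"/*-access "$logdir"/*-error; do
        [ -f "$f" ] || continue            # unmatched glob or not a regular file
        tag=$(basename "$f")               # e.g. ws1.sitename.com-access
        # Only emit names made of safe characters, so a stray file name
        # cannot break out of the quoted strings in the generated config.
        case $tag in
            *[!A-Za-z0-9._-]*) continue ;;
        esac
        # no-parse: Apache lines are not syslog-formatted, keep them verbatim.
        # program_override: carries the vhost log name to the server as $PROGRAM.
        printf '    file("%s" follow_freq(1) flags(no-parse) program_override("%s"));\n' \
            "$f" "$tag"
    done
    echo "};"
    printf 'destination d_central { tcp("%s" port(514)); };\n' "$central"
    echo "log { source(s_apache); destination(d_central); };"
}

# Constructed demo input: a scratch directory using the naming from the thread.
demo() {
    d=$(mktemp -d)
    touch "$d/ws1.sitename.com-access" "$d/ws1.sitename.com-error" \
          "$d/ws1.othersite.com-access" "$d/unrelated.txt"
    gen_apache_sources "$d" 192.0.2.10
    rm -rf "$d"
}
demo
```

On the central server, a `file()` destination keyed on `$PROGRAM` would then split the stream back into per-vhost files; accept only the expected names there, since the value arrives from the network.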