I agree that it is much preferred to
NOT use apache's built in file logging. Apache can log its error
log to syslog ... which is great, but it can not log its access
log, or mod_jk log or others.
We wanted the ability to be able to
recreate log files at a syslog destination for web site analytics
(which some tools require) so we wrote a small perl program that
takes
a couple of arguments for the log type
(access, error, mod_jk etc) and for the site name. Then we stick
them into the log with a syslog ident/tag of httpd and a message
of the form
${log_type}: ${site_name}: {$message}
where the message is the full message
produced by apache using the normal apache log format
specification.
One of the advantages of using live
central logging like this is that I can "see/watch" all of the
logs for a "site_name" when the site is being run on a load
balanced pool of apache servers.
The other advantage is that I can
stream these to my analytics system and generate log files of the
original apache format
access_log-${site_name}.log
error_log-${site_name}.log
which can then be consumed by the
analytics engine.
Just my $0.02 for anyone that likes it
:-)
Evan
On 3/26/19 7:14 AM, Nik Ambrosch wrote:
I would like to replace apache's file logger entirely,
using syslog-ng to write to both network and local disk
instead of just using apache to write to disk and syslog-ng to
write to network.
I would follow the files using the
wildcard-file() source, possibly with marking them up with
apache specific name-value pairs that we extract from
filenames and/or content.
How are people managing their apache access logs
using syslog-ng these days - still just piping through
logger? I'm looking to take over logging entirely
using syslog-ng, not just reading files from disk and
sending to ES or something.
In the past I've used cronolog, which works fine,
but I'd love the flexibility of sending the logs
through syslog-ng.