Hey there,

 

I would like to know if this configuration sounds viable to you.

Right now it's not really operational performance wise.

 

What I'm basically trying to do is to have my syslog server completely synchronized to the apache access logs of my other servers.

 

On a client I have this configured:

source s_apachelogs { file("/etc/apache2/logs/test/2008-09-02-test.log"); };

destination df_apachelogs { tcp("192.168.200.4" port(1999)); };

log { source(s_apachelogs); destination(df_apachelogs); };

 

and on the server:

source s_apachelogs { tcp(ip(192.168.200.4) port(1999)); };

destination df_apachelogs { file("/var/log/apachelogs.log"); };

log {

        source(s_apachelogs);

        destination(df_apachelogs);

};

 

This is just a sample case. Later on I would like to have my server keep an /var/log/apachelogs/ directory completely identical to the logs of the other servers.

For some reason I don’t see any traffic passed over the line unless I run a /etc/init.d/syslog-ng reload which is really bizzar.

 

Thanks!