On 11/21/05, Esquivel, Vicente <Esquivelv@uhd.edu> wrote:
Thanks for responding. So let me make sure I am understanding what you suggested. You said that I could run SnareApache on the servers running Apache, let Snare send the Apache access logs to the local syslog on that same server, and then have the syslogd on that server send them to the centralized syslog server that is logging via syslog-ng? So I take it that Apache can't do it any other way without something like Snare? How much of a load does it add to a server and how difficult is it to implement?
Most sites don't use syslog for Apache access logs due to the latency and load it introduces. Logging to a file uses much less overhead. For a personal site or low-volume company site it might not matter (only a couple of requests a second or less), but for a busy site it's a no-no. If you want network transmission, something like mod_log_spread might fit the bill, but I've never used it.
http://www.backhand.org/mod_log_spread/
I looked at using it when I worked for a search engine, but some tried-and-true periodic scp scripts were so trustworthy and simple that we never replaced them.