Thanks for responding. So let me make sure I am understanding what you suggested. You said that I could run SnareApache on the servers running Apache, then let Snare send the Apache access logs to the local syslog on that same server then have the syslogd on that server send them to the centralized syslog server that is logging via syslog-ng?

So I take it that Apache can't do it any other way without something like Snare? How much of a load does it add to a server and how difficult is it to implement?

Thanks!

Vince

________________________________
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Brian Bemis
Sent: Monday, November 21, 2005 2:39 PM
To: 'Syslog-ng users' and developers' mailing list'
Subject: RE: [syslog-ng] Apache Syslog-ng/Syslog-ng newbie

For the error logs, logging to syslog (or syslog-ng) is built into Apache. For the access logs, try SNARE for Apache:

http://www.intersectalliance.com/projects/SnareApache/index.html

You can use this in conjunction with syslog-ng. It will send your Apache logs to the syslog daemon on the local system, then all you have to do is set up syslog-ng to forward the logs to a central server and separate them according to the server sending the logs. This is all built into syslog-ng.

b

________________________________
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Esquivel, Vicente
Sent: Monday, November 21, 2005 8:39 AM
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] Apache Syslog-ng/Syslog-ng newbie

Hello all,

I am new to this list, I am seeking some help on how to set up syslog-ng as a central log server. More importantly I am wanting to know how to log all of my Apache servers to the central log server, but also create separate logs for each of the systems.

For example I am looking to do something like this:

Apache1
/var/log/Apache1/httpd/access.log
/var/log/Apache1/httpd/error.log

Apache2
/var/log/Apache2/httpd/access.log
/var/log/Apache2/httpd/error.log

Apache3
/var/log/Apache3/httpd/access.log
/var/log/Apache3/httpd/error.log

and so on.

Thanks all in advance

Vince

On 11/21/05, Esquivel, Vicente <Esquivelv@uhd.edu> wrote:
> Thanks for responding. So let me make sure I am understanding what you suggested. You said that I could run SnareApache on the servers running Apache, then let Snare send the Apache access logs to the local syslog on that same server then have the syslogd on that server send them to the centralized syslog server that is logging via syslog-ng? So I take it that Apache can't do it any other way without something like Snare? How much of a load does it add to a server and how difficult is it to implement?

Most sites don't use syslog for Apache access logs due to the latency and load it introduces. Logging to a file uses much less overhead. For a personal site or low volume company site it might not matter (only a couple requests a second or less) but for a busy site it's a no-no.

If you want network transmission something like mod_log_spread might fit the bill, but I've never used it.

http://www.backhand.org/mod_log_spread/

I looked at using it when I worked for a search engine, but some tried and true periodic scp scripts were so trustworthy and simple that we never replaced them.

I think you understood me correctly. The local syslogd could actually be syslog-ng if you want, it doesn't really matter (I use syslog-ng on both ends). It's not too hard to implement (I did have to modify the source code of Snare in order to get AWStats to interpret the log files), but besides that it was pretty easy. As far as the load goes, I'm not really sure since right now the only 2 servers I'm using it on are not high load servers.

I hope that helps.

Brian

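Added example, not part of the original thread or any poster's configuration: a central-server syslog-ng.conf that produces the per-host layout asked for above, written in current syslog-ng syntax. The facilities (local6, local7), port, loghost name and the piped `logger` line for access logs are assumptions; the host filter and `keep_hostname(no)` are there so that a sender cannot choose the directory name through the hostname field of its messages.

```conf
# Constructed example for the central log host. Set @version to the
# release actually installed; all names below are assumptions.
@version: 3.38

options {
    create_dirs(yes);               # create /var/log/<host>/httpd/ on first message
    keep_hostname(no);              # ignore the hostname claimed inside the message
    use_dns(persist_only);          # name senders from the static hosts file only
    dns_cache_hosts("/etc/hosts");  # must map each web server IP to Apache1, Apache2, ...
};

source s_net { network(transport("tcp") port(514)); };

# Only the expected web servers may create a log tree under /var/log
filter f_web_hosts { host("^Apache[0-9]+$"); };
filter f_access    { facility(local6); };
filter f_error     { facility(local7); };

destination d_access {
    file("/var/log/${HOST}/httpd/access.log" dir_perm(0750) perm(0640));
};
destination d_error {
    file("/var/log/${HOST}/httpd/error.log" dir_perm(0750) perm(0640));
};

log { source(s_net); filter(f_web_hosts); filter(f_access); destination(d_access); };
log { source(s_net); filter(f_web_hosts); filter(f_error);  destination(d_error); };

# --- On each web server (separate syslog-ng.conf, shown as comments) ---
# source s_local { system(); internal(); };
# filter f_apache { facility(local6, local7); };
# destination d_central { network("loghost.example.org" transport("tcp") port(514)); };
# log { source(s_local); filter(f_apache); destination(d_central); };
#
# --- httpd.conf on each web server ---
# ErrorLog syslog:local7
# CustomLog "|/usr/bin/logger -t httpd_access -p local6.info" combined
```

The piped `logger` line is a different technique from the SNARE agent recommended in the thread, and the latency and load concern raised for busy sites applies to it as well.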
participants (3)
- Brian Bemis
- catenate
- Esquivel, Vicente