Send Apache log to a separate loghost
In version 1.6.11 of syslog-ng, I need to send Apache logs to a different loghost than the rest of the system logs. Is that possible? If so, how? Our syslog-ng was set up quite some time ago by an admin who is no longer around. I've spent more time than I can afford trying to decipher and attempt to modify his syslog-ng.conf. Assistance from some experts would be greatly appreciated. Thanks, Lee
On 11.02.2015 23:33, Manning, Lee wrote:
In version 1.6.11 of syslog-ng, I need to send Apache logs to a different loghost than the rest of the system logs. Is that possible? If so, how?
Our syslog-ng was set up quite some time ago by an admin who is no longer around. I’ve spent more time than I can afford trying to decipher and attempt to modify his syslog-ng.conf. Assistance from some experts would be greatly appreciated.
Am I reading it right? 1.6.11? That's... ancient (2006?). This may be not the suggestion you're looking for, but I think you should start with upgrading (although if you're running syslog-ng 1.6.11, chances are the system you're running it on is even older). It might take you less time (in the long run) to configure your new syslog-ng server from scratch, using up-to-date software components, than trying to get it done in your current setup - also considering possible bugs that might have been fixed since 1.6.xx. My argument is that most of the online resources you can get help from (like, this mailing list, or blog posts, etc) may be more relevant to some decent versions of syslog-ng. But if you have to use 1.6.11, start by reading http://www.syslog.org/syslog-ng/v1/ Idea should be the similar - depending on how you get your apache logs, either separate sources and separate destinations (udp() or tcp(), I assume), or single source, and then appropriate filter to pick only apache logs and send them to your specific destination. HTH, -- Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/ GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
Well, 1.6.x was branched around 2004 and was maintained for some more years (until 2007 Feb). Then syslog-ng 2.0 was rewritten from scratch. (rewrite starte in 2001 the first release in 2006). So I would definitely upgrade, it's been a complete rewrite away for almost a decade. -- Bazsi On Wed, Feb 11, 2015 at 11:58 PM, Jakub Jankowski <shasta@toxcorp.com> wrote:
On 11.02.2015 23:33, Manning, Lee wrote:
In version 1.6.11 of syslog-ng, I need to send Apache logs to a different loghost than the rest of the system logs. Is that possible? If so, how?
Our syslog-ng was set up quite some time ago by an admin who is no longer around. I’ve spent more time than I can afford trying to decipher and attempt to modify his syslog-ng.conf. Assistance from some experts would be greatly appreciated.
Am I reading it right? 1.6.11? That's... ancient (2006?). This may be not the suggestion you're looking for, but I think you should start with upgrading (although if you're running syslog-ng 1.6.11, chances are the system you're running it on is even older). It might take you less time (in the long run) to configure your new syslog-ng server from scratch, using up-to-date software components, than trying to get it done in your current setup - also considering possible bugs that might have been fixed since 1.6.xx. My argument is that most of the online resources you can get help from (like, this mailing list, or blog posts, etc) may be more relevant to some decent versions of syslog-ng.
But if you have to use 1.6.11, start by reading http://www.syslog.org/syslog-ng/v1/
Idea should be the similar - depending on how you get your apache logs, either separate sources and separate destinations (udp() or tcp(), I assume), or single source, and then appropriate filter to pick only apache logs and send them to your specific destination.
HTH,
-- Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/ GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (3)
-
Jakub Jankowski
-
Manning, Lee
-
Scheidler, Balázs