[syslog-ng] Apache Syslog-ng/Syslog-ng newbie
catenate
infosec at gmail.com
Mon Nov 21 22:56:37 CET 2005
On 11/21/05, Esquivel, Vicente <Esquivelv at uhd.edu> wrote:
>
> Thanks for responding.
> So let me make sure I am understanding what you suggested.
> You said that I could run SnareApache on the servers running apache, then
> let Snare send the Apache access logs to the local syslog on that same
> server then have the syslogd on that server send them to the centralized
> syslog server that is logging via syslog-ng?
> So I take it that Apache can't do it any other way without something like
> Snare?
> How much of a load does it add to a server and how difficult is it to
> implement?
>
Most sites don't use syslog for apache access logs due to the latency and
load it introduces. Logging to a file uses much less overhead. For a
personal site or low volume company site it might not matter (only a couple
requests a second or less) but for a busy site it's a no-no.
If you want network transmission something like mod_log_spread might fit the
bill, but I've never used it.
http://www.backhand.org/mod_log_spread/
I looked at using it when I worked for a search engine, but some tried and
true periodic scp scripts were so trustworthy and simple that we never
replaced them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20051121/89bf7079/attachment.html
More information about the syslog-ng
mailing list