[syslog-ng] Apache + syslog-ng w/o logger?
Balazs Scheidler
bazsi at balabit.hu
Sat Feb 6 15:54:27 CET 2010
Hi,
why not configure Apache to send its logs directly to syslog?
For example:
http://www.oreillynet.com/pub/a/sysadmin/2006/10/12/httpd-syslog.html
On Fri, 2010-02-05 at 14:30 -0800, Brian Donaldson wrote:
> Thanks for the suggestions Jim & Lance. I'm running CentOS 5 using
> the default logger. I did try what Lance suggested: restarting
> syslog-ng w/ log_msg_size set to 65K in the options section (both the
> client and server). However, echoing an 8192-character string to
> logger resulted in several fragments. Guess it's on to Jim's
> suggestion...
>
> On Fri, Feb 5, 2010 at 3:00 AM, <syslog-ng-request at lists.balabit.hu>
> wrote:
>
> Message: 1
> Date: Thu, 04 Feb 2010 16:52:52 -0800
> From: Rory Toma <rory at ooma.com>
> Subject: Re: [syslog-ng] config file question
> To: Zoltán Pallagi <pzolee at balabit.hu>
> Cc: Syslog-ng users' and developers' mailing list
> <syslog-ng at lists.balabit.hu>
> Message-ID: <4B6B6BE4.30109 at ooma.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 2/2/10 4:49 AM, Zoltán Pallagi wrote:
> > Hi Rory,
> >
> > Will you tell me the current naming of your log files? I don't know
> > the real reason for many log files, but as Robert said, perhaps there
> > are other, easier solutions to avoid it.
> >
> We maintain one log file per client per day, in directory buckets of
> 2000 clients.
>
> ------------------------------
>
> Message: 2
> Date: Thu, 4 Feb 2010 17:00:39 -0800
> From: Brian Donaldson <briantd at gmail.com>
> Subject: [syslog-ng] Apache + syslog-ng w/o logger?
> To: syslog-ng at lists.balabit.hu
> Message-ID:
>
> <9f5bff671002041700l5b1d5153kd315cc428ed58ab0 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> My goal is to enable Apache to log large access_log entries (> 1024 chars)
> to a syslog-ng server. The vast majority of examples I've seen for
> connecting Apache to syslog-ng employ the ancient /usr/bin/logger -- but
> that approach chops up messages longer than 1024 chars. The alternative
> approach is to use a Perl/Python script, but I'm nervous about the overhead.
> Anyone know of an updated logger binary?
>
> Thanks for any pointers,
> -Brian
>
> ------------------------------
>
> Message: 3
> Date: Thu, 4 Feb 2010 20:23:43 -0500
> From: "Jim Hendrick" <jrhendri at maine.rr.com>
> Subject: Re: [syslog-ng] Apache + syslog-ng w/o logger?
> To: "'Syslog-ng users' and developers' mailing list'"
> <syslog-ng at lists.balabit.hu>
> Message-ID: <FB.84.23327.E137B6B4 at hrndva-omtalb.mail.rr.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Would using syslog-ng directly work? (pointing it at the access_log file)
>
> Jim
>
> ------------------------------
>
> Message: 4
> Date: Thu, 4 Feb 2010 17:28:03 -0800
> From: Lance Laursen <lance at demonware.net>
> Subject: Re: [syslog-ng] Apache + syslog-ng w/o logger?
> To: "Syslog-ng users' and developers' mailing list"
> <syslog-ng at lists.balabit.hu>
> Message-ID:
>
> <ffa53b891002041728nd8cc926x952b170ac8a9bf23 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
> After changing the log_msg_size(65536); parameter in syslog-ng.conf's
> options {}; section, I've used logger to send a single message with a 64KB
> payload. Have you tried using logger yet to see if it does what you need?
> I've just tested this on Ubuntu 8.04, the logger binary being part of the
> default installed bsdutils package 1:2.14.2-1ubuntu4. Keep in mind regular
> syslogd has a 1024KB limit and all messages passed through it first will get
> chopped.
>
> You can also do what Jim suggests and use a "file" sourcetype on your
> access_log and go from there.
>
> -Lance
>
--
Bazsi
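
The "file" source approach that Jim and Lance suggest in the quoted thread, together with the log_msg_size setting Lance mentions, written out as an added syslog-ng.conf example that is not part of the original messages. The log path, host name, port, transport and statement names are assumptions; the two halves belong in separate files, one on each host.

```conf
# Added example; paths, host name, port and statement names are assumptions.

# ---- syslog-ng.conf on the Apache host (client) ----
options {
    log_msg_size(65536);    # per-message size limit, the value used in the thread
};

source s_apache_access {
    # syslog-ng reads access_log itself, so neither /usr/bin/logger nor a
    # piped Perl/Python script sits between Apache and the log transport.
    file("/var/log/httpd/access_log"        # assumed Apache log location
         follow_freq(1)                     # poll for new lines once a second
         flags(no-parse)                    # lines are not in syslog format; keep them whole
         program_override("httpd-access")); # tag so the server can filter on it
};

destination d_loghost {
    # TCP is an assumption here; "loghost.example.com" is a placeholder.
    tcp("loghost.example.com" port(514));
};

log { source(s_apache_access); destination(d_loghost); };

# ---- syslog-ng.conf on the central server ----
options {
    log_msg_size(65536);    # raised on the receiving side as well (client and server)
};

source s_net { tcp(ip(0.0.0.0) port(514)); };

filter f_apache { program("httpd-access"); };

destination d_apache {
    file("/var/log/remote/$HOST/access_log" create_dirs(yes));
};

log { source(s_net); filter(f_apache); destination(d_apache); };
```

Each file can be checked with `syslog-ng --syntax-only -f <file>` before reloading.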