[syslog-ng] Apache vhost logs

Alan McKinnon Alan.McKinnon at is.co.za
Thu Jul 14 11:55:18 CEST 2011 

On Thursday, 14 July 2011 11:34:28 Josu Lazkano wrote:
> Thanks!!!
> 
> This work for me, las question.
> 
> Is possible to add a facility name on apache to archive on the
> logserver as "apache" file?

Facility names are hard-coded at the kernel level, the only ones you 
can have are those in "man 3 syslog". You can't add new ones.

So you have to use some other way to identify your apache logs. A good 
way is to pick an unused local0 to local7 facility (watch out for two 
hosts using the same local for different things and sending them to 
the same syslogger!)


> 
> Best regards.
> 
> -----Mensaje original-----
> De: Matias Banchoff [mailto:matiasb at cespi.unlp.edu.ar]
> Enviado el: miércoles, 13 de julio de 2011 13:54
> Para: Syslog-ng users' and developers' mailing list
> CC: Josu Lazkano
> Asunto: Re: [syslog-ng] Apache vhost logs
> 
> Hi!
>    are you using "combined" or "vhost_combined" in your V.H. config?
> For example:
>          CustomLog "|/usr/bin/logger -s -p local5.info "
> vhost_combined Bye!
> 
> On 07/13/2011 06:49 AM, Josu Lazkano wrote:
> > Hello again, I configure on the client side some vhost log files
> > this way:
> > 
> > $ cat syslog-ng.conf
> > options {
> > 
> >          log_fifo_size(2048);
> >          create_dirs(yes);
> >          group(adm);
> >          perm(0640);
> >          dir_perm(0755);
> >          use_dns(yes);
> >          stats_freq(0);
> >          bad_hostname("^gconfd$");
> > 
> > };
> > 
> > source s_all {
> > 
> >          internal();
> >          unix-stream("/dev/log");
> >          file("/proc/kmsg");
> >          file("/var/www/domain1/log/access.log");
> >          file("/var/www/domain2/log/access.log");
> >          file("/var/www/domain3/log/access.log");
> >          file("/var/www/domain4/log/access.log");
> > 
> > };
> > 
> > destination logserver {
> > 
> >          tcp("logserver");
> > 
> > };
> > 
> > log {
> > 
> >          source(s_all);
> >          destination(logserver);
> > 
> > };
> > 
> > With this configuration I don't get all access.log info, I put
> > on the same screen a tail -f with a local access.log and user
> > log on the logserver and on the vhost file there is more info.
> > Is this configuration correct?
> > 
> > Sorry for all those newby questions.
> > 
> > Thanks for all your help and best regards.
> > 
> > 
> > -----Mensaje original-----
> > De: syslog-ng-bounces at lists.balabit.hu
> > [mailto:syslog-ng-bounces at lists.balabit.hu] En nombre de Martin
> > Schütte Enviado el: lunes, 11 de julio de 2011 21:06
> > Para: Syslog-ng users' and developers' mailing list
> > Asunto: Re: [syslog-ng] Apache vhost logs
> > 
> > On 07/11/11 10:14, Josu Lazkano wrote:
> >> I have lots of vhost on the client-side. How could I configure
> >> it?
> > 
> > I find it preferable to have Apache log to syslog in the first
> > place, e.g. with:
> > CustomLog "||/usr/bin/logger -p local2.info -t apache" combined
> > ErrorLog "||/usr/bin/logger -p local3.info -t apache"
> > 
> > I use a custom log format to include a VHost field in access log
> > lines (and later split them as needed). If you need seperate
> > error logs as well, then it is probably best to include the
> > VHost name in the tag/programname field.
> 
> -----
> CeSPI
> Centro Superior para el Procesamiento de la Información
> 
> Universidad Nacional de La Plata
> --------------------------------------------------------------------
> ----------- Proteja el Medioambiente. No imprima este mail si no es
> absolutamente necesario
> ___________________________________________________________________
> ___________ Member info:
> https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- 
Alan McKinnon
Systems Engineer^W Technician
Infrastructure Services
Internet Solutions

+27 11 575 7585

Please note: This email and its content are subject to the disclaimer as displayed at the following link http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm. Should you not have Web access, send a mail to disclaimers at is.co.za and a copy will be emailed to you.

More information about the syslog-ng mailing list