[syslog-ng] Best way to pipe "application" logs to central syslog-ng server.

Delon Lee Di Lun lee.delon2005 at gmail.com
Tue May 8 01:51:13 UTC 2018


Hi,

Thank you for your suggestion; however, this is not possible in my setup.

Yours Sincerely,
Delon Lee

On Tue, 8 May 2018 at 03:52 Evan Rempel <erempel at uvic.ca> wrote:

> We write all of our apache logs to an application
>
> ErrorLog "|/path/to/our/script site.fqdn.name error"
>
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
> CustomLog "|/path/to/our/script site.fqdn.name access" common
>
> This script just writes the log line to syslog via script specific syslog
> API with an application name of httpd
> and a line prefix of
>
> access: site.fqdn.name:
> or
> error: site.fqdn.name:
>
> This allows the receiving end (central syslog server) to strip off the
> header and recreate files specific to each virtual host
>
> access_site.fqdn.name_datestamp
> error_site.fqdn.name_datestamp
>
> And these destination files will have the EXACT content that apache would
> have logged to disk on the source server.
>
> This permits us to feed web analytic tools in real time and provide them
> the exact source logs that these tools
> support.
>
> Works for us.
>
> Evan.
>
>
> On 05/07/2018 08:58 AM, Gergely Nagy wrote:
> >>>>>> "Delon" == Delon Lee Di Lun <lee.delon2005 at gmail.com> writes:
> >      Delon> In response to gergely, the 2nd option would require the changes to be made
> >      Delon> on the "apache side" of things right? If so, it's unlikely possible in my
> >      Delon> use case.
> >
> > No, you can do that with rsyslog and syslog-ng too. Both allow you to
> > tinker with the syslog headers.
> >
> > Ideally, changing the Apache-generated log format to conform to a syslog
> > RFC would be ideal, but I understand that's not something most are
> > willing - or able/allowed - to make. So the next best option is to
> > fiddle with the syslog fields on the syslog side of things.
> >
>
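An added example, not part of the thread and not the script Evan's site runs: a Python sketch of the piped-log wrapper described in the quoted message, together with the receiving-side step that strips the prefix and picks the per-virtual-host file name. The function names, the `LOG_INFO` priority and the `YYYYMMDD` datestamp are assumptions; the receiver validates the site name because it arrives over the network and ends up in a file name.

```python
import re
import sys
from datetime import date

# Prefix from the message: "access: site.fqdn.name: <original Apache line>"
PREFIX = re.compile(r"^(access|error): ([A-Za-z0-9.-]{1,253}): (.*)$", re.S)
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # one DNS label


def wrap(kind, site, line):
    """Sender side: message body for one Apache log line read from the pipe."""
    if kind not in ("access", "error"):
        raise ValueError("kind must be 'access' or 'error'")
    body = line.rstrip("\r\n")
    return f"{kind}: {site}: {body}"


def route(msg, day):
    """Receiver side: (file name, original line), or None if the prefix is unsafe."""
    m = PREFIX.match(msg)
    if m is None:
        return None
    kind, site, line = m.groups()
    site = site.lower()
    # Every label must be a plain hostname label, so "..", "" and "/" never
    # reach the file name that is built from data sent over the network.
    if not all(LABEL.match(label) for label in site.split(".")):
        return None
    return f"{kind}_{site}_{day:%Y%m%d}", line  # datestamp format is assumed


def main(argv):
    import syslog  # Unix only; imported here so wrap/route work anywhere
    site, kind = argv[1], argv[2]  # same argument order as the CustomLog line
    syslog.openlog("httpd")  # application name given in the message
    for line in sys.stdin:
        syslog.syslog(syslog.LOG_INFO, wrap(kind, site, line))


if __name__ == "__main__":
    main(sys.argv)
```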

