Centralized Apache Logs with Syslogd

One of the projects I have for this year is the centralization of all Apache logs we have scattered across all our machines.

I know this kind of guide has been done before, but here’s my implementation for our systems.

  1. Install rsyslogd: apt-get install rsyslog. Some older machines we had were still using the older sysklogd, but from what I’ve gathered, it doesn’t support UDP transmission of the logs, so it didn’t fit me.
  2. Add the following rules to /etc/rsyslog.conf:
    local1.crit @destination-host
    local1.info @destination-host
  3. Restart rsyslogd: /etc/init.d/rsyslog restart
  4. Edit your Apache settings to add the new log rules (normally /etc/apache2/sites-enabled/000-default):
    ErrorLog syslog:local1
    CustomLog "|/usr/bin/logger -p local1.info" combined
  5. Restart Apache: /etc/init.d/apache2 restart
  6. On the central machine add the following rules to syslog (this part is actually recycled from a Nuno Dantas implementation of the central logs for Postfix):
    source s_remote { udp(); };
    destination d_clients { file("/destination-path/$HOST"); };
    log { source(s_remote); destination(d_clients); };
  7. Restart syslog. You should now have the Apache logs coming…

After this, I implemented an AWStats central instance which parses all those nifty logs.
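
An added example (not part of the original post): it decodes the <PRI> value at the front of each forwarded syslog datagram and evaluates the two selectors from step 2 against it. A facility.priority selector matches that priority and anything more severe, so local1.info already covers crit, and a critical message matches both rule lines and is forwarded twice. The sample datagrams, host name and addresses are constructed.

```python
import re

# Syslog facility and severity codes (RFC 3164); a lower severity number is more severe.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>, BSD timestamp, hostname, then tag and message.
HEADER = re.compile(r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)

def parse(datagram: bytes) -> dict:
    """Split a forwarded syslog datagram into facility, severity, host and body."""
    m = HEADER.match(datagram.decode("utf-8", "replace"))
    if m is None or int(m.group(1)) > 191:
        raise ValueError("not an RFC 3164 style syslog datagram")
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": pri & 7,
            "host": m.group(3), "body": m.group(4)}

def selector_matches(selector: str, msg: dict) -> bool:
    """A 'facility.priority' selector matches that priority and anything more severe."""
    facility, priority = selector.split(".")
    return (FACILITIES[facility] == msg["facility"]
            and msg["severity"] <= SEVERITIES.index(priority))

def copies_forwarded(rules, datagram: bytes) -> int:
    """Count the rule lines that match; each matching line sends its own copy."""
    msg = parse(datagram)
    return sum(selector_matches(sel, msg) for sel in rules)

RULES = ["local1.crit", "local1.info"]  # the selectors from step 2

# Constructed sample datagrams (host, addresses and messages are made up).
ACCESS = (b'<142>Jan  5 10:00:00 web01 root: 192.0.2.10 - - '
          b'[05/Jan/2015:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.0"')
CRIT = b"<138>Jan  5 10:00:01 web01 apache2[812]: [crit] constructed critical error"
DEBUG = b"<143>Jan  5 10:00:02 web01 apache2[812]: [debug] constructed debug line"
OTHER = b"<38>Jan  5 10:00:03 web01 sshd[99]: constructed auth message"

if __name__ == "__main__":
    for d in (ACCESS, CRIT, DEBUG, OTHER):
        m = parse(d)
        print(m["host"], m["facility"], SEVERITIES[m["severity"]],
              "copies:", copies_forwarded(RULES, d))
```

Keeping only the local1.info rule forwards the same set of messages with one copy each.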
