Friday, December 19, 2014

apache logs to syslog

the other day i flipped out. well, flipped out in my own quiet way. i heard about some apache access issues and it gave me a slight headache. the super cool thing about linux boxes is that the "truth is in the logs". and i heart logs and log aggregation.

the cool thing about apache is that if configured correctly it will log all access and all errors. sadly, apache, by default, writes its logs on the local system and not via syslog processes. crap.
i really really don't want to go to each of my boxes and grep through /var/log/apache/blah.txt. so how do i throw the logs across the network?

well, most linux boxes have tee and logger. tee is a nice program that basically says "do this and this": it writes whatever it reads to a file and also passes it along on stdout. logger can send arbitrary data to syslog. yay.

in my enabled site, i changed my ErrorLog and CustomLog sections from this:

ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined

to this:

ErrorLog "|/usr/bin/tee -a /var/log/apache2/error.log | /usr/bin/logger -thttpd -plocal6.err"
CustomLog "|/usr/bin/tee -a /var/log/apache2/access.log | /usr/bin/logger -thttpd -plocal6.notice" combined
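
i'm calling local6 and sending it off to syslog tagged as httpd: -thttpd sets the tag, and -plocal6.err / -plocal6.notice set the facility and priority. neat. one catch: the | between tee and logger only works if apache hands the whole string to a shell. apache 2.2 does that for a plain "|" prefix; apache 2.4 spawns the command without a shell unless the string starts with "|$".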

since i'm using rsyslogd, i edited my /etc/rsyslog.d/50-default.conf to ship those logs off to my remote syslog server:

auth,authpriv.*;local6.* @remotesyslogserver

the single @ forwards over udp (@@ would be tcp). if you'd rather not log to /var/log/syslog, add local6.none to the -/var/log/messages stanza.

reload your daemons and voila.
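
once everything lands on the remote box, one pass over the collected file replaces grepping each server. the script below is an added example, not part of the original setup: it assumes the traditional rsyslog file format ("Mon DD HH:MM:SS host tag: message") and the combined log format, and the function names and sample lines are made up for illustration.

```shell
#!/bin/sh
# constructed sample of what the remote syslog file could look like
sample_log() {
cat <<'EOF'
Dec 19 10:00:01 web1 httpd: 203.0.113.5 - - [19/Dec/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
Dec 19 10:00:02 web1 httpd: 198.51.100.7 - - [19/Dec/2014:10:00:02 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/7.35.0"
Dec 19 10:00:03 web2 httpd: 198.51.100.7 - - [19/Dec/2014:10:00:03 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/7.35.0"
Dec 19 10:00:04 web1 sshd[311]: Failed password for root from 192.0.2.9 port 22 ssh2
Dec 19 10:00:05 web1 httpd: [Fri Dec 19 10:00:05 2014] [error] [client 198.51.100.7] File does not exist: /var/www/admin
Dec 19 10:00:06 web1 httpd: 198.51.100.7 - bob [19/Dec/2014:10:00:06 +0000] "POST /login HTTP/1.1" 401 381 "-" "curl/7.35.0"
Dec 19 10:00:07 web1 httpd: 198.51.100.7 - - [19/Dec/2014:10:00:07 +0000] "GET /admin HTTP/1.1" 404 208 "-" "curl/7.35.0"
Dec 19 10:00:08 web2 httpd: 203.0.113.5 - - [19/Dec/2014:10:00:08 +0000] "GET /missing HTTP/1.1" 404 208 "-" "Mozilla/5.0"
EOF
}

# httpd_failures [FILE|-] [THRESHOLD]
# prints "failures client boxes" for every client with at least THRESHOLD
# 4xx/5xx responses, counted across all web servers that forwarded logs.
httpd_failures() {
    awk -F'"' -v min="${2:-3}" '
        # text before the first quote: syslog header + client/user/date
        { n = split($1, pre, " ") }
        # keep only lines that logger tagged httpd (5th syslog field)
        n < 6 || pre[5] !~ /^httpd(\[[0-9]+\])?:$/ { next }
        {
            # text after the quoted request line starts with the status;
            # error-log lines have no quoted request, so post[1] is empty.
            # a request containing an escaped quote would throw this off.
            split($3, post, " ")
            if (post[1] !~ /^[45][0-9][0-9]$/) next
            client = pre[6]; box = pre[4]
            fails[client]++
            if (!((client, box) in seen)) { seen[client, box] = 1; boxes[client]++ }
        }
        END {
            for (c in fails)
                if (fails[c] >= min) print fails[c], c, boxes[c]
        }
    ' "${1:--}" | sort -rn
}

# demo on the constructed sample: prints "4 198.51.100.7 2"
sample_log | httpd_failures - 3
```

point it at the real file with something like httpd_failures /var/log/syslog 20, adjusting the path to wherever your remote server writes local6.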
