Thursday, February 1, 2018

apache logs to syslog 

 get those apache logs to a remote syslog server  
   
 syslog  
   
 in /etc/apache2/sites-enabled/000-site  
   
 ErrorLog "|/usr/bin/tee -a /var/log/apache2/error.log | /usr/bin/logger -thttpd -plocal6.err"  
 CustomLog "|/usr/bin/tee -a /var/log/apache2/access.log | /usr/bin/logger -thttpd -plocal6.notice" combined  
   
 in /etc/syslog.conf  
 local6.*   @remoteserver  
   
 rsyslog  
   
 $ModLoad imfile  
 $InputFilePollInterval 10   
 $PrivDropToGroup adm  
 $WorkDirectory /var/spool/rsyslog  
    
 # Apache access file:  
 $InputFileName /var/log/apache2/access.log  
 $InputFileTag apache-access:  
 $InputFileStateFile stat-apache-access  
 $InputFileSeverity info  
 $InputFilePersistStateInterval 20000  
 $InputRunFileMonitor  
    
 #Apache Error file:   
 $InputFileName /var/log/apache2/error.log  
 $InputFileTag apache-error:  
 $InputFileStateFile stat-apache-error  
 $InputFileSeverity error  
 $InputFilePersistStateInterval 20000  
 $InputRunFileMonitor  
   
   
 what syslog gets:  
 <181>Feb 1 15:33:44 gallup httpd: 6.6.6.6 - - [01/Feb/2018:15:33:44 -0500] "GET /url/index.php HTTP/1.1" 200 20025 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)