I want to configure Apache to send access logs to a log analysis system so is it possible to do it by configuring Apache or I have to use a Syslog tool to send logs.
Asked
Active
Viewed 1,649 times
2 Answers
1
In stead of having syslog handling the Apache logs, Apache can very well send its logging immediately to syslog, as explained eg. Apache config syslog
This is sufficient:
CustomLog "|/usr/bin/logger -t httpd -p <facility>.<priority>" <log format name>
You may need configuring syslog, if the standard treatment of these messages is insufficient.
Gerard H. Pille
- 2,469
- 1
- 12
- 10
0
You don't mention a specific log analysis software i think you want to accomplish this via the syslog protocol. Therefore, you need to do the following on your syslog Client (apache webserver).
- Create a ConfigFile under /etc/rsyslog.d/apache_access.log.conf
For access.log:
$ModLoad imfile
$InputFileName /var/log/apache2/access.log
$InputFileTag apache_access:
$InputFileStateFile stat-apache-access
$InputFileSeverity info
$InputFileFacility local3
$InputRunFileMonitor
$InputFilePollInterval 10
local3.* @@ip-analysis-system:<portnumber-ip-analysis-system>
For error.log
/etc/rsyslog.conf
$ModLoad imfile
$InputFileName /var/log/apache2/error.log
$InputFileTag apache_error:
$InputFileStateFile stat-apache-error
$InputFileSeverity info
$InputFileFacility local3
$InputRunFileMonitor
$InputFilePollInterval 10
local3.* @@ip-analysis-system:<portnumber-ip-analysis-system>
Restart syslog with:
systemctl restart rsyslog
Now all data from the local3 facility is send to your analysis-server.
By the way: I think your question is a duplicate. Look at the link below.
How to forward specific log file outside of /var/log with rsyslog to remote server?
Lorem ipsum
- 852
- 3
- 13