We currently use logger to get our Apache access logs to syslog-ng with a line like this one in each vhost:
CustomLog "|/usr/bin/logger -p local1.info -t www_main" combined
It seems that almost every tutorial or advice I can find regarding Apache and syslog-ng uses this method to get the logs into syslog-ng. (Example). The rest use named pipes and the pipe() source. (Example).
The trouble with this is that logger splits any lines longer than 1024 bytes and sends them as separate log entries, meaning that some log entries end up on separate lines in the final destination log file on the logging box.
Using a named pipe and the pipe() source in syslog-ng solves the split lines problem but comes with its own set of minor problems and annoyances. To name a few, the named pipe has to be created before both Apache and syslog-ng are started, syslog-ng must be started before Apache is started and tagging the logs (which is done above with -t
) must now be done in the syslog-ng configuration file rather than in the vhost.
This page suggests writing a short Perl script to use in place of /usr/bin/logger.
I was wondering if anyone knows of any alternatives to logger, preferably written in a natively compiled language or maybe an updated version of logger that doesn't split long lines in half.
I would also be interested in hearing of any other solutions to the problem of long log lines being split, such as a way of combining them back together using syslog-ng once they reach the logs servers.