Centralized apache logging with rsyslog

Question

I maintain many virtualhosts (over 60) hosted on a Centos server running Apache. The virtualhosts gets created using Plesk, which creates separate log files for each domain using the following pattern /var/www/vhosts/<domain_name>/statistics/logs/{access,error}_log.

I would like to centralize all these logs on another server to parse them with elasticsearch + logstash. Currently I have a bash script which create a <domain>.conf file in the /etc/rsyslog.d/ for each domain contained in the /var/www/vhosts dir, with the following configuration:

InputFileName /var/www/vhosts/<domain_name>/statistics/logs/access_log
$InputFileTag apache-access:
$InputFileStateFile state-apache-access
$InputRunFileMonitor

Is there a way to create a single .conf file which will send all the logs to my central logging server? Something like $InputFileName /var/www/vhosts/*/statistics/logs/access_log

Any help is appreciated!

score 1 · Answer 1 · answered Jun 25 '13 at 16:33

1

AFAIK rsyslog doesn't support wildcards in filenames. nxlog does. In addition it can parse apache logs and can send it to elasticsearch over http. You might want to take a look at it. (Disclaimer: I'm affiliated with the project.)

answered Jun 25 '13 at 16:33

b0ti

986
1
6
13

Centralized apache logging with rsyslog

1 Answers1