0

I know there are alot of topics like this one but i have a particular need: I need to send all the logs from linux servers to a central loggin server.

Problem 1: On the central server i need to store the logs in the following format:

<root_dir>/<server_name>/<year>/<month>/<day>/{messages, mail, auth, httpd, etc}.log (the exact original file name of the log file)

The rsyslog server conf is 

$template RemoteHost,"/var/log/remotes/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/%PROGRAMNAME%.log" which creates the folder structure ok but for some logs it doesn't work (httpd logs)

Problem 2: I need to send ALL logs. On the remote servers (centOS) i configured the classic

*.* @@<central-server-hostname>:5544

but i see that httpd logs are not send (i thing it is because the filter is . and httpd logs are named like "httpd_acces" and does not match the filter.

Do you know if this is possible?

Sven
  • 98,649
  • 14
  • 180
  • 226
Manea Dragosh
  • 1
  • 1

2 Answers2

0

Apache doesn't use syslog by default, it just writes into some files defined in the Apache config by default.

You can either configure Apache to pipe the log to syslog, e.g. via logger or configure rsyslog to monitor the Apache files and send the content to the remote server.

Sven
  • 98,649
  • 14
  • 180
  • 226
0

Apache usually does not log through syslog. You would have to pipe the logs through logger, see this guide. Not sure if that is a good idea performancewise.

*.* in syslog configuration not a file mask. It is a mask for <facility>.<priority> ... so something like kern.error. See the docs for how it works.

Fox
  • 3,977
  • 18
  • 23
  • Yes, i've seen the . thing. Now i have configured the source linux with /var/log/* @@:5544 so that it sends all files from /var/log but i don't receive anything at the central server. Is the config not correct? – Manea Dragosh Jul 20 '15 at 08:45
  • I've been searching the Internet and i've changed the client config to: $InputFileName /var/log/* *.* @@:5544 and now i receive log messages at the central server but still don't receive httpd logs. any ideas? – Manea Dragosh Jul 20 '15 at 09:28
  • @ManeaDragosh did you do everything mentioned in the mentioned guide? – Fox Jul 20 '15 at 12:27