jtrooney
Posted: Wed Feb 02, 2005 6:13 am    Post subject: Syslog-ng

Ok, I have a major problem here. I manage 9 Linux servers and need to have them all log to a central system. We have syslog-ng on all of them, with a central server that is currently logging a couple of major processes. What I'm trying to do is to get Apache from a couple of systems to log to this central server as well. Any thoughts? I can post any conf files needed, just let me know. Thanks

giant
Posted: Wed Feb 02, 2005 8:19 am

http://www.cert-in.org.in/knowledgebase/guidelines/CISG-2004-03.pdf
Everything is explained in this document in more detail than I can describe it.
The trick is to pipe the access logs from Apache to syslog-ng.
Just make sure that your central logserver can handle this!
Are you using something to parse the central logfiles as well, like logsurfer?

jtrooney
Posted: Sat Feb 05, 2005 4:36 am

OK, I'm almost there, I just need a fresh set of eyes as I can't get it completed. I have the error logging working just fine, but for the life of me I can't get the access log working.
Apache.conf access logging portion:
Code:
CustomLog "|/usr/bin/logger -p local3.info -t 'httpd_access'" combined

Syslog Server config for both access and error:
Code:
destination httpd_error { file("/var/log/all/$YEAR/$MONTH/$DAY/$HOST/httpd_error.log"); };
destination httpd_access { file("/var/log/all/$YEAR/$MONTH/$DAY/$HOST/httpd_access.log"); };
filter f_httpd_error { facility(local3) and match("httpd_error"); };
filter f_httpd_access { facility(local3) and match("httpd_access"); };
log { source(src); filter(f_httpd_error); destination(httpd_error); };
log { source(src); filter(f_httpd_access); destination(httpd_access); };

Any thoughts? I'm racking my brain here =) Thanks in advance.

tdemarest
Posted: Sun Feb 06, 2005 6:29 am

Have you defined a network source such as:
Code:
source net { udp(); };

This is required if you are accepting syslog over the network. Then your log lines would look like:
Code:
log { source(net); filter(f_httpd_error); destination(httpd_error); };
log { source(net); filter(f_httpd_access); destination(httpd_access); };
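
Added example, not part of any post in this thread: a Python sketch that decodes the BSD syslog line a central server would receive for `logger -p local3.info -t httpd_access` and reports which of the thread's two filters would accept it. The sample lines and the host name `web1` are constructed, and `match()` is modelled as a regex search over the tag plus message text, which is an assumption about the syslog-ng version in use.

```python
import re

# Facility codes from the BSD syslog protocol (RFC 3164); PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host tag[pid]: text
LINE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
                  r"([^\s:\[]+)(?:\[\d+\])?: ?(.*)$")

# The two filters from the thread: (facility, match() pattern).
THREAD_FILTERS = {"f_httpd_error": ("local3", "httpd_error"),
                  "f_httpd_access": ("local3", "httpd_access")}

def parse(datagram: bytes) -> dict:
    """Split one received syslog datagram into the fields the filters look at."""
    m = LINE.match(datagram.decode("utf-8", "replace").rstrip("\r\n"))
    if m is None or int(m.group(1)) > 191:
        raise ValueError("not a BSD syslog line")
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "host": m.group(3), "tag": m.group(4), "text": m.group(5)}

def route(msg: dict, filters: dict = THREAD_FILTERS) -> list:
    """Names of the filters that accept msg (assumption: match() sees tag and text)."""
    haystack = f"{msg['tag']}: {msg['text']}"
    return [name for name, (facility, pattern) in filters.items()
            if msg["facility"] == FACILITIES[facility] and re.search(pattern, haystack)]

# Constructed samples (not captured traffic). 158 = local3.info, 155 = local3.err,
# 13 = user.notice, which is logger's default priority when -p is left out.
ACCESS = (b'<158>Feb  5 04:36:01 web1 httpd_access: 192.0.2.10 - - '
          b'[05/Feb/2005:04:36:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl"')
ERROR = b"<155>Feb  5 04:36:02 web1 httpd_error: [error] File does not exist: /var/www/x"
NO_PRIORITY = ACCESS.replace(b"<158>", b"<13>")

if __name__ == "__main__":
    for sample in (ACCESS, ERROR, NO_PRIORITY):
        msg = parse(sample)
        print(msg["host"], msg["facility"], msg["severity"], msg["tag"], route(msg))
```

A line that reaches the server with the wrong facility, such as `NO_PRIORITY` here, passes neither filter even though its tag is correct.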