Send Apache access logs to remote syslog server
Found here: http://www.naveoss.com/site/?p=149
Server Side Configuration
1. Enable syslog to allow network connections by:
ubuntu-server:~# sudo nano -w /etc/rsyslog.conf
Uncomment the following sections:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
2. Then add the new config to the rsyslog configuration files. The selector must use one of syslog's fixed facility names; local1 (one of local0 through local7) is used here, and the same name has to appear on the client.
ubuntu-server:~# sudo nano -w /etc/rsyslog.d/40-apacheaccess.conf
local1.notice /var/log/remote-apache-access.log
3. Restart related services
ubuntu-server:~# sudo service rsyslog restart
Client Side Configuration
1. Add this line to a new rsyslog.d config file on the Apache server. Change the IP to your log server's IP address. The single @ forwards over UDP.
apache-server:~# sudo nano -w /etc/rsyslog.d/40-apacheaccess.conf
local1.notice @192.168.1.2
2. Configure Apache to output access logs to the new remote server. Find the CustomLog line and modify it as it appears below. You can specify multiple locations, so here I tee the file to the local file system and to the remote log server. The CustomLog directive in step 2 is all on one line, and its quotes must be plain ASCII double quotes. The inner pipe needs a shell: Apache 2.4 starts piped loggers without one unless the prefix is |$ rather than |.
apache-server:~# sudo nano -w /etc/apache2/apache2.conf
CustomLog "|/usr/bin/tee -a /var/log/apache2/access.log | /usr/bin/logger -thttpd -plocal1.notice" combined
3. Restart all services related to Apache and rsyslog
apache-server:~# sudo service rsyslog restart
apache-server:~# sudo service apache2 restart
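An added example, not part of the original guide: a Python check to run on the log server over /var/log/remote-apache-access.log. It separates well-formed forwarded access records from anything else that reached the file through the open syslog port. It assumes rsyslog's traditional file format and the httpd tag set by logger -thttpd; the function names and sample lines are constructed for illustration.

```python
import re

# rsyslog traditional file format: "Mon DD HH:MM:SS host tag: message"
SYSLOG = re.compile(
    r'^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} '
    r'(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$')

# Apache "combined": %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # Apache backslash-escapes " inside fields
COMBINED = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED +
    r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + '$')
FIELDS = ("client", "ident", "user", "time", "request",
          "status", "size", "referer", "agent")

def parse_remote_line(line, expected_tag="httpd"):
    """Return the record as a dict, or None when the line does not carry the
    expected syslog tag or its payload is not a complete combined-format entry."""
    outer = SYSLOG.match(line.rstrip("\n"))
    if outer is None or outer.group("tag") != expected_tag:
        return None
    inner = COMBINED.match(outer.group("msg"))
    if inner is None:
        return None               # truncated in transit or not an access record
    rec = dict(zip(FIELDS, inner.groups()))
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["sender"] = outer.group("host")   # hostname as reported in the syslog header
    return rec

def summarize(lines):
    """Count accepted records per sending host and collect rejected lines."""
    per_sender, rejected = {}, []
    for line in lines:
        rec = parse_remote_line(line)
        if rec is None:
            rejected.append(line)
        else:
            per_sender[rec["sender"]] = per_sender.get(rec["sender"], 0) + 1
    return per_sender, rejected

# Constructed sample lines (not real traffic)
P = 'Oct  3 14:02:1%d apache-server httpd: 203.0.113.7 - %s [03/Oct/2013:14:02:1%d +0000] '
SAMPLE = [
    P % (1, "-", 1) + '"GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    P % (2, "alice", 2) + r'"GET /a?q=\"x\" HTTP/1.1" 304 - "http://example.com/" "curl/7.30"',
    P % (3, "-", 3) + '"GET /big HTTP/1.1" 200 51',          # cut short
    'Oct  3 14:02:14 otherhost cron: job finished',           # wrong tag
]
```

Lines that come back as rejected are worth reviewing: they were written to the file but are not complete access records from the expected tag.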