On Fri, 21 May 2010, James Corteciano wrote: > Hi All, > > My goal is to centralized all system/apps logs from different web farm > servers. I have the following setups: > > node0 - Centralized rsyslog server > web_farm1 - web farm 1 server running RHEL, rsyslog, and httpd with > different vhost. > web_farm2 - web farm 2 server running RHEL, rsyslog, and httpd with > different vhost. > > 1) How can I configure rsyslog from node0 to capture all vhost logs from > web_farm servers and all logs will be directly placed like: > > /var/log/syslog/web_farm1/<vhost>-error.log > /var/log/syslog/web_farm1/<vhost>-access.log > > 2) How to configure the httpd service in web_farm servers to push all logs > to node0 syslog server? I saw from internet like the following. > > httpd.conf: > ErrorLog "|/bin/logger -p local5.err" > CustomLog "|/bin/logger -p local6.info" > > rsyslog.conf: > *.* @node0
when logging from apache you can have log commands inside each vhost, or if you don't the logs will be handled by the main server. what I do is to have the access logs handled by the main server and create a custom format that includes the vhost as part of the format (I also reorder things so that data I really care about is near the beginning of the log and data that can be long is later in the message, so if it becomes extremely long and overflows the max log length I don't loose data I consider critical) then I run it through a perl script that reformats the message to put the vhost name in the server field and sends it out via UDP to my syslog server. I don't have access to that file at the moment (it's at work), I'll try to get a copy tomorrow and post it. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
