A surprisingly simple task presented itself this week. How to make an Apache2 server send its access log files over the network to a centralized syslogd server. I won’t disappoint by not sharing the details so here we go. On Ubuntu 10.04.
Server Side Configuration
- Enable syslog to allow network connections by:
ubuntu-server:~# sudo nano -w /etc/rsyslog.conf
Uncomment the following sections:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514 - Then add the new config to the rsyslog configuration files.
ubuntu-server:~# sudo nano -w /etc/rsyslog.d/40-apacheaccess.conf
logserv1.notice /var/log/remote-apache-access.log - Restart related services
- ubuntu-server:~# sudo service rsyslog restart
Client Side Configuration
- Add line to new rsyslog.d config file on the apache server. Change the IP to your log server’s ip address.
apache-server:~# sudo nano -w /etc/rsyslog.d/40-apacheaccess.conf
logserv1.notice @192.168.1.2 - Configure apache to output access logs to new remote server. Find the CustomLog line and modify it as it appears below. You can specify multiple locations so here I tee the file to the local file system and to the remote log server. Step 2 is all on one line.
- apache-server:~# sudo nano -w /etc/apache2/apache2.conf
- CustomLog “|/usr/bin/tee -a /var/log/apache2/access.log | /usr/bin/logger -thttpd -plogserv1.notice” combined
- Restart all Services related to apache and rsyslog
- apache-server:~# sudo service rsyslog restart
- apache-server:~# sudo service apache2 restart
0 Comments.