Sending all apache logs to Syslog Server

sidhurana · January 15, 2010, 1:30am

Hi All,

I need to send all apache logs to local syslog and then to syslog server (STRM � Security Threat response manager).

I follow these steps:-

vi /etc/httpd/conf/httpd.conf

Added these lines :-

ErrorLog syslog:local1
LogLevel notice

Then in syslog.conf:-

local1.crit /var/log/httpd/access.log

local1.* @192.168.1.1 (IP of syslog server)

killall -HUP syslogd
httpd restart.

Now apache logs are showing in remote syslog server. But the issue is I am getting only "notice" from apache i.e stopping and starting httpd services and nothing else.

I need all apache logs (i.e if someone clicked on the site then all logs should be send to syslog server and not only httpd restarting services)

I may need to set LogLevel in httpd.conf to redirect all access logs to syslog server.

Please suggest as I need to log 3 or more files includes modsecurity, error log , tomcat logs to syslog server.. Need to redirect all logs to syslog server.

Please suggest...

Thanks,
Sudhir

dday · January 15, 2010, 3:40pm

According to this directive:

 
ErrorLog syslog:local1
LogLevel notice

You set the level to only show notices from Apache.

sidhurana · January 18, 2010, 4:58am

Hi All,

I need all apache logs in my Syslog Server.

Can you please send me some help regarding my previous post.

pludi · January 18, 2010, 5:13am

According to this article on O'Reilly only the ErrorLog supports sending messages directly to syslog. For everything else, you'll have to pipe it to a program first. Luckily, they provide the script in the same article.