DekGenius.com
[ Team LiB ] Previous Section Next Section

Recipe 3.20 Logging to syslog

Problem

You want to send your log entries to syslog.

Solution

To log your error log to syslog, simply tell Apache to log to syslog:

ErrorLog syslog:user

Some syslog reporting class other than user, such as local1, might be more appropriate in your environment.

Logging your access log to syslog takes a little work. Add the following to your configuration file:

CustomLog |/usr/local/apache/bin/apache_syslog combined

where apache_syslog is a program that looks like the following:

#!/usr/bin/perl
use Sys::Syslog qw( :DEFAULT setlogsock );

setlogsock('unix');
openlog('apache', 'cons', 'pid', 'user');

while ($log = <STDIN>) {
        syslog('notice', $log);
}

closelog;

(Note that this script is only a skeleton; an actual production quality version should include code to check for errors, etc.)

Discussion

There are two main reasons for logging to syslog. The first of these is to have many servers log to a central logging facility. The second is that there are many existing tools for monitoring syslog and sending appropriate notifications on certain events. Allow Apache to take advantage of these tools, and your particular installation may benefit.

Apache supports logging your error log to syslog by default. This is by far the more useful log to handle this way, because syslog is typically used to track error conditions rather than merely informational messages.

The syntax of the ErrorLog directive allows you to specify syslog as an argument or to specify a particular syslog facility. In the previous example, the user syslog facility was specified. In your /etc/syslog.conf file, you can specify where a particular log facility should be sent—whether to a file or to a remote syslog server.

Since Apache does not support logging your access log to syslog by default, you need to accomplish this with a piped logfile directive. The program that we use to accomplish this is a simple Perl program using the Sys::Syslog module, which is a standard module with your Perl installation. Because the piped logfile handler is launched at server startup and merely accepts input on STDIN for the life of the server, there is no performance penalty for using Perl.

If you have several web servers and want them all to log to one central logfile, this can be accomplished by having all of your servers log to syslog and pointing that syslog facility to a central syslog server. Note that this may cause your log entries to be in nonsequential order, which should not really matter but may appear strange at first. This effect can be reduced by ensuring that your clocks are synchronized via NTP.

Consult your syslogd manual for further detail on setting up a networked syslog server.

See Also

  • The manpages for syslogd and syslog.conf

    [ Team LiB ] Previous Section Next Section