Red Hat

Hi All,

I need to send all apache logs to local syslog and then to syslog server (STRM – Security Threat response manager).

I follow these steps:-

vi /etc/httpd/conf/httpd.conf

Added these lines :-

ErrorLog syslog:local1
LogLevel notice

Then in syslog.conf:-

local1.crit /var/log/httpd/access.log

local1.* @192.168.1.1 (IP of syslog server)

killall -HUP syslogd
httpd restart.

Now apache logs are showing in remote syslog server. But the issue is I am getting only "notice" from apache i.e stopping and starting httpd services and nothing else.

I need all apache logs (i.e if someone clicked on the site then all logs should be send to syslog server and not only httpd restarting services)

I may need to set LogLevel in httpd.conf to redirect all access logs to syslog server.

Please suggest as I need to log 3 or more files includes modsecurity, error log , tomcat logs to syslog server.. Need to redirect all logs to syslog server.

Please suggest...

Thanks,
Sudhir

According to this directive:

Code:

 
ErrorLog syslog:local1
LogLevel notice

You set the level to only show notices from Apache.

Hi All,

I need all apache logs in my Syslog Server.

Can you please send me some help regarding my previous post.

According to this article on O'Reilly only the ErrorLog supports sending messages directly to syslog. For everything else, you'll have to pipe it to a program first. Luckily, they provide the script in the same article.