01-15-2010
4,
0
Join Date: Jan 2010
Last Activity: 5 February 2010, 12:11 AM EST
Posts: 4
Thanks Given: 0
Thanked 0 Times in 0 Posts
Sending all apache logs to Syslog Server
Hi All,
I need to send all apache logs to local syslog and then to syslog server (STRM – Security Threat response manager).
I follow these steps:-
vi /etc/httpd/conf/httpd.conf
Added these lines :-
ErrorLog syslog:local1
LogLevel notice
Then in syslog.conf:-
local1.crit /var/log/httpd/access.log
local1.* @192.168.1.1 (IP of syslog server)
killall -HUP syslogd
httpd restart.
Now apache logs are showing in remote syslog server. But the issue is I am getting only "notice" from apache i.e stopping and starting httpd services and nothing else.
I need all apache logs (i.e if someone clicked on the site then all logs should be send to syslog server and not only httpd restarting services)
I may need to set LogLevel in httpd.conf to redirect all access logs to syslog server.
Please suggest as I need to log 3 or more files includes modsecurity, error log , tomcat logs to syslog server.. Need to redirect all logs to syslog server.
Please suggest...
Thanks,
Sudhir