I've been trying to route Apache's logs through Syslog (for some reason log rotation had stopped, and using Syslog and logrotate seemed a reasonable solution).
I have sent Apache's error logs to local7 and piped the access logs to local6 via the logger program.
I want Syslog to write the error and access logs to /var/log/apache2/error.log and /var/log/apache2/access.log respectively.
To that end I have added the following to /etc/syslog.conf:
# Logging for Apache using local7 facility for error messages
# and local6 for access log
# Added 20/06/2010 by Chris Bunney
local7.* /var/log/apache2/error.log
local6.* /var/log/apache2/access.log
I know that the error and access logs are being sent to Syslog correctly because they are showing up in /var/log/syslog, however they are not being written to the files I want.
The original file permissions of the target files:
-rw-r----- 1 root adm 0 2010-06-20 23:01 access.log
The current file permissions of the target files that I have been using to try and rule out such things causing issues:
-rw-rw-rw- 1 syslog adm 0 2010-06-20 23:01 access.log
Everything looks fine to me, so why aren't the messages Syslog is receiving being written to the files I want? Have I missed something simple?
Full Output of cat /etc/syslog.conf:
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
# Logging for Apache using local7 facility for error messages
# and local6 for access log
# Added 20/06/2010 by Chris Bunney
local7.* /var/log/apache2/error.log
local6.* /var/log/apache2/access.log
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
-
Did you restart syslogd? You can also use
lsof -f -p <pid-of-syslogd>to see what log files it has open. The syslog.conf looks right, you might want to post your apache configuration.chrisbunney : Yep, I missed something simple. I must have restarted everything *but* syslog. Restarted Syslog and it worked fine. Sorry, but I don't have the rep for an upvote. Now, I think I ought to go to bed, the lack of sleep is obviously having negative effects...From delimiter
0 comments:
Post a Comment