Logging Apache Centrally

Some first notes on what we can/could do.

  • Not considering Apache 2.2, as we'll only be using 2.4 once the SL7 migration is complete.
  • Assume that the central logging is in addition to whatever the web site is configured to log normally.
  • Are we interested in both Error and Access log?


With the proviso that I've not actually tried any of this yet, it looks fairly simple to have the access log going to our central rsyslog server. From http://httpd.apache.org/docs/current/mod/mod_log_config.html#globallog it reads we could add a GlobalLog directive to pipe (via /usr/bin/logger) to the regular rsyslog mechanism. I'd suggest using a modified logformat that includes the name of the site requested, otherwise you will not be able to distinguish which possible VirtualHost the GET / was for. The man page is a bit unclear about what happens when a VirtualHost then defines its own CustomLog.

A couple of things to bare in mind:

  • the pipe to logger will be running as root
  • what facility.priority would we want to use. I've seen one suggestion of "local6.notice"

If GlobalLog isn't suitable, then we'd have to add a CustomLog to each VirtualHost. This is OK as multiple CustomLogs are supported, and just mean that things are logged in multiple locations.

Update: Unfortunately the GlobalLog directive is only available from 2.4.19 onwards, SL7 is shipping with apache 2.4.6 (or 2.4.18 as a special).


This might be trickier. Unlike CustomLog, multiple ErrorLog directives just mean that the previous setting is overridden, not added to. It's not uncommon for sites with multiple VirtualHosts to have each site log its errors into different error logs. It also means that though you could do:

  ErrorLog syslog:local6

To have all error log entries go to rsyslog, then they wouldn't also go to the default file based log file. As ErrorLog can also send to pipe, that pipe could be a tee to the usual file and then another pipe to logger. But again, if this is all done in the main apache config, it is lost if the VirtualHost chooses to simply use ErrorLog to log to a local file.

If we do want to log ErrorLog centrally, then we would have to ask web managers to co-operate and either not use ErrorLog, or define it in such a way that we get the central logging, plus whatever it was they were trying to do.

Next Steps

  • Ask Infrastructure if they have any particular facility.priority they'd like us to use.
  • Decide if we want to log both access and errors.
  • Give it a go on a live service to see:
    1. that it works
    2. what sort of impact it might have, performance and disk usage.


blog.inf is now logging to local6.notice. The basic lcfg is:

!apacheconf.verbatim               mADD(centrallog)
apacheconf.verbatimline_centrallog LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" site=%v httphost=%{HTTP_HOST}e port=%p" inf_accesslog
!apacheconf.vhostverbatim_wordpress         mADD(centrallog)
apacheconf.vhostline_wordpress_centrallog   Customlog "|/usr/bin/logger -thttpd -plocal6.notice" inf_accesslog


-- NeilBrown - 07 Feb 2017

Topic revision: r2 - 21 Mar 2017 - 16:00:46 - NeilBrown
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies