[rsyslog] Apache logs to rsyslog, transmit over network and create a local file

ar at xlrs.de ar at xlrs.de
Tue Jan 8 13:24:48 CET 2013

Hi Ben,

You can define multiple access/error log files in your vhost configuration. 

Just write a second (local path) destination as you would do usually.

Von meinem Android-Gerät gesendet.

-----Original Message-----
From: Ben Bradley <bbradleyuk at gmail.com>
To: rsyslog at lists.adiscon.com
Sent: Mo., 07 Jan 2013 18:36
Subject: [rsyslog] Apache logs to rsyslog, transmit over network and create a local file

Hi everyone

I'm still getting my head around the configuration of rsyslog and Apache and I need some help. I think I'm getting a bit confused by the different config syntaxes that are referred to around the documentation.

On my webservers I'd like to keep a local copy of the Apache logs and send them over the network to a centralised server.
I've been testing this using the imfile plugin and manually setting up each Apache log file that I want to watch. It works but it's not ideal.

On the advice of helpful people here and in IRC, I've got test Apache vhosts now logging to the logger binary like so...
CustomLog "|/usr/bin/logger -p local0.info -t apache-access[vhost.domain.com]" combined
Rsyslog receiving those from logger and sending this over the network to logstash, so far so good.

But I'm trying to get rsyslog to also write a local copy of the logs for each vhost before they are sent over the network. In the same way that Apache normally does logging.

I've followed Axel's response to a thread I started a few weeks ago...
I really like the concept of Apache overriding the pid with the vhost, then rsyslog can write a log file using that procid (vhost). It's a really elegant solution.

But I'm having some trouble implementing this in rsyslog v7.2.4-1 (CentOS) from the repo.

Here's my full rsyslog.conf. I'm not using rsyslog.d/*.conf files yet but will do once I've got this working.

Lines 37-44 are what I'm having trouble with.
I believe this should write my logs to a vhost-specific log file but it doesn't seem to be working.

Do I need to re-arrange the order of my config?

Should I actually be using the new-style syntax?

Is there an example anywhere of the default config file fully translated to the new-style syntax?

If rsyslog fails for any reason then I won't have any Apache logs. Should that be a concern?

Cheers, Ben

rsyslog mailing list
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

More information about the rsyslog mailing list