[Apache] Sending Logs to Syslog and Monitoring with SEC

Just configured Apache to send its logs to the remote syslog server so they can be parsed with SEC for various types of activity, such as downloading/retrieval of files, failed logins, etc., and to send emails automatically. The setup was pretty simple. The O'Reilly article "Sending Apache httpd Logs to Syslog" by Rich Bowen was very informative. In short, Apache has a built-in one-line directive that can be used for sending error logs to a syslog server. At the time of this writing, only error logs can be sent to syslog. But Bowen has concocted a simple little Perl script that will allow the sending of both error and access logs to the remote syslog server.

If you would just like to send error logs to a syslog server, adding the directive below to httpd.conf will accomplish the task:

ErrorLog syslog:<facility>
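
On the syslog server side, SEC rules along the following lines cover the two activities mentioned above (failed logins and file retrieval) and send the emails. This is an added example, not taken from the original post or from Bowen's article. It assumes access-log lines reach syslog in Combined Log Format under the tag "httpd_access"; the tag, the /downloads/ path, the file locations, the mail binary path and the recipient are all placeholders.

```conf
# apache.rules -- SEC (Simple Event Correlator) rules, added example.
# Assumed invocation on the syslog server (paths are placeholders):
#   sec --conf=/etc/sec/apache.rules --input=/var/log/messages
# Constructed sample line as it would appear in the syslog file:
#   Jan 12 10:15:01 web01 httpd_access: 203.0.113.7 - - [12/Jan/2024:10:15:01 +0000] "GET /admin/ HTTP/1.1" 401 381 "-" "curl/8.0"

# Failed logins: five 401 responses to one client within 60 seconds.
# The client address ($1) is part of desc, so SEC keeps a separate
# counter per client and mails once per client per window.
type=SingleWithThreshold
ptype=RegExp
pattern=httpd_access: (\S+) \S+ \S+ \[[^\]]+\] "[^"]*" 401\s
desc=Repeated HTTP 401 responses to $1
action=pipe '%s' /usr/bin/mail -s 'Apache: repeated failed logins' root@localhost
window=60
thresh=5

# File retrieval: mail on every successful GET below /downloads/.
# $1 is the client address, $2 the requested path.
type=Single
ptype=RegExp
pattern=httpd_access: (\S+) \S+ \S+ \[[^\]]+\] "GET (/downloads/\S+) HTTP/[\d.]+" 200\s
desc=File $2 retrieved by $1
action=pipe '%s' /usr/bin/mail -s 'Apache: file retrieved' root@localhost
```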


