I am trying to make all of my apache and drush logs forward to my Splunk server via rsyslog.
First, in my /etc/httpd/conf/httpd.conf file I change the entry:
ErrorLog var/log/httpd/error_log
to:
ErrorLog syslog:local1
as described at: http://wiki.rsyslog.com/index.php/Working_Apache_and_Rsyslog_configuration
Then in /etc/rsyslog.conf, I add:
# Save apache messages to apache.log
local1.* /var/log/apache.log
to have the logs prefixed with local1. to the local file /var/log/apache.log
and then:
local1.* ##splunk.myserver.com:8002
where my splunk server is set to listen for tcp connections on port 8002.
I haven't made an attempt at drush yet. The problem is that apache is logging fine to the previous setting to log to /var/log/httpd/error_log, but after I make my changes nothing goes to /var/log/apache.log or to my splunk server.
I restart both rsyslog and apache after making my changes to conf files.
I met the same thing
I fix it follow this: 1 make a error log, like access http://192.168.1.10/sadaf.php. Then to see the /var/error.log have it?
If have it, I test splunk server use port 514,and the sourcetype use syslog.
You can try it.
Related
I recently replaced Google Analytics by the self-hosted analytics tool Piwik.
This means that every time someone connects my website http://www.mywebsite.com, a Javascript tracking code is executed on the client, that calls my Piwik server http://www.mywebsite.com/piwik/piwik.php
Result:
on my server's Apache access.log, there is a line about http://www.mywebsite.com, that's normal
in my Piwik database, an information is stored about this visit, this is normal
on my server's Apache access.log, there is a line about the fact my Piwik server received a tracking request (executed by client with JS)
The logging part 3. is clearly too much!
From now, since Piwik in installed, my access.log is double sized!
How to remove the fact that Apache logs in access.log the connection to http://www.mywebsite.com/piwik/piwik.php ? i.e. client JS tracking code <--> Piwik server ?
The solution is to disable logging of certain requests (for example in
/etc/apache2/sites-available/000-default.conf with Debian 8):
<VirtualHost *:80>
ServerName www.mywebsite.com
DocumentRoot /home/www/mywebsite
...
SetEnvIf Request_URI "^/piwik(.*)$" dontlog
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined env=!dontlog
</VirtualHost>
The Apache manual contains a section on conditional logging
https://httpd.apache.org/docs/2.4/logs.html
What you need to do is set an environment variable when a condition is met (path is piwik/piwik.php)? Then you can use that environment variable in the apache log file configuration.
Disabling your tracking logs in Apache log file is not the best idea. If your Piwik will crash for some reason or your tracking will not work for some period of time (eg. over the weekend) you will loose your data.
Apache logs can save you here, you can then replay your traffic using LogAnalytics: http://piwik.org/log-analytics/#logfile
It is better to have reasonable log file storing policy then removing data from your log.
I am trying to rotate the log file in apache server. I tried a lot using rotatelog configuration in httpd.conf in apache configuration. But I can't.
while i configuring the rotatelog in httpd.conf, i found that Rotatelog having the option to run a program that can be acheived by using parameter -p. So i wrote a bat file to rotate the logs. And configured with apache server like below command
ErrorLog "|bin/rotatelogs.exe -l -p logs/apachelog.bat errorlogs 1M"
Whether My way of configuration is correct or not. Once error log file reached that particular file size , i want to execute the bat file. So i tried like this.
Thanks in advance.
I am using ubuntu 14.04 and I have managed to use rsyslog to push my Apache error logs to Papertrail. I then moved onto monitor another log file and after a restart and commenting out the apache config lines, I still get apache logs being monitored!
Does rsyslog cache config files somewhere? I have restated rsyslog via sudo service rsyslog restart and /etc/init.d/rsyslog restart.
Here is my current config file that seems to be monitoring my apache error.log file even though it is commented out.
$ModLoad imfile
$InputFilePollInterval 10
# Apache Error file:
#$InputFileName /var/log/apache2/error.log
#$InputFileTag apache-error:
#$InputFileStateFile stat-apache-error
#$InputFileSeverity error
#$InputRunFileMonitor
# App Error files:
$InputFileName /var/www/html/application/logs/log.php
$InputFileTag apache-error:
$InputFileStateFile stat-apache-error
$InputFileSeverity error
$InputRunFileMonitor
When I comment out this whole file, the apache errors stop being monitored. I am very confused, any help appreciated.
I can't explain the symptom you described, but did notice another problem which may be related. The InputFileStateFile configuration flag is a filename where rsyslog keeps its current position in the target file (InputFileName). The state file (stat-apache-error) is not deleted when rsyslog stops, so rsyslog knows where to start sending.
Using the same state file for 2 different underlying files will probably make rsyslog start at the wrong place, since the offset from /var/log/apache2/error.log won't be correct for /var/www/html/application/logs/log.php. Either use a different state file or remove the stat-apache-error file when you enable the second config.
I have a new server running CentOS, and it has httpd running on 192.168.1.100:80.
I can connect to my server through ssh on 192.168.1.100, but when I go to 192.168.1.100 in my browser, it says "Oops! Google Chrome could not connect to 192.168.1.100".
I also tried wget to see if that works, and here is where it gets interesting.
when I run:
wget 192.168.1.100
On my server it gets the index.html file as it should.
but when I run it on my laptop is says "Connecting to 192.168.1.100:80... failed: No route to host."
Does anyone know how to fix this?
Seems like your Apache configuration binds httpd to 192.168.1.100:80
Find line Listen 192.168.1.100:80 in Apache main configuration - something like /etc/httpd/httpd.conf or /etc/apache2/httpd.conf and change this line to Listen 0.0.0.0:80.
Restart Apache and it will probably work.
I am trying to set up Apache http 2.2, with mod_jk module.
The intention is to set up a load balancer right on my PC, for test purposes.
So I made some changes to httpd.conf to set some parameters, then I run it and I get the popup:
"Windows couldn't start Apache 2.2 on local PC. For more information check system events log. If it's not a windows service contact service provider and reference the code:1"
I check on the log and I get:
httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.35 for ServerName
So I uncomment on httpd.conf line: ServerName myPcName:80 and run it again.
I get the same popup, but this time I don't get anything on the events log.
Any idea on how to let it work?
(Nothing is bound on 80 port.)
Thank you
Please check if port 80 is being used by other application or not. Most of the time in my case "Skype" was using port 80. So I had to stop it and then I used to start Apache service.
To troubleshoot further what you can do is, goto apache's bin directory and run httpd.exe -t option. This will show you exactly what is causing problem.
The configuration file in the apache /conf folder, has a piece of code that starts from C:. It is copyrighted and therefore you cannot change the code.
All you have to do is make a second copy of the whole apache folder and put it directly in your C: directory. Your apache file is in System 32 causing you to use cprompt right. Having 2 identical apache folders one in C: and one in System 32 bypasses the problem.