1

I have a very annoying situation concerning apache access/error logs on a remote log server.

Webserver: Stock apache logging with:

ErrorLog "|/usr/bin/logger -p local7.err -t www.sitename.com" CustomLog "|/usr/bin/logger -p local7.info -t www.sitename.com" "combined"

rsyslog is configured as follows:

local7.info @log.remote.lan local7.err @log.remote.lan

So far so good. All logs end up at the remote log server. On that server I have syslog-ng configured as follows:

options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); owner("root"); group("adm"); perm(0644); dir_perm(0755); stats_freq(0); bad_hostname("^gconfd$"); create_dirs(yes); keep_hostname (yes); }; destination hosts_acc { file("/var/log/remote/${newmsghdr}/$R_YEAR/$R_MONTH/$R_DAY/access.log"); }; destination hosts_err { file("/var/log/remote/${newmsghdr}/$R_YEAR/$R_MONTH/$R_DAY/error.log"); }; filter f_access { message("GET|POST|OPTIONS|HEAD"); }; filter f_error { message('\[error\]'); }; log { source(s_lan); rewrite(r_msghdr); filter(f_access); destination(hosts_acc); flags("final");}; log { source(s_lan); rewrite(r_msghdr); filter(f_error); destination(hosts_err); flags("final"); };

Both logs work fine. But... the error log is inserted twice in the logfile. When I set the webserver to log to a local file the error appears only once in that file. Any clues?

Improve this question

1 Answer 1

Reset to default
4

You're sending the log lines twice, because of these lines in rsyslogd.conf:

local7.info @log.remote.lan local7.err @log.remote.lan

When you specify info, that means that info and all higher priorities will be sent, not only info. Since err has a higher priority than info, you can remove the second line, so the log will only be sent once.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.