Logging Apache Access-Log to Syslog / Rsyslog / Papertrail

Using this as a guide ( http://wiki.rsyslog.com/index.php/Working_Apache_and_Rsyslog_configuration )  I was able to get Apache’s access log, filtered, forwarding to my Papertrail instance (via syslog / rsyslog). It may be useful to someone:

Redhat/Centos httpd.conf and/or your virtualhost conf — requires the logger program, which centos has by default:

# (20100219) Rianto Wahyudi - Send apache log to syslog
CustomLog "|/usr/bin/logger -t httpd -p local6.info" combined

rsyslog.conf (preferably above the /var/log/messages filter, so apache logs don’t pollute it)

# Log to papertrail
if $syslogfacility-text == 'local6' and $programname == 'httpd' and not ($msg contains 'stats') and not ($msg contains 'NewRelic') then @logs2.papertrailapp.com:12345
# Prevent logging httpd to /var/log/messages
if $syslogfacility-text == 'local6' and $programname == 'httpd' then ~

Be sure to replace 12345 with your papertrail port. Note that I added the ‘and not’ and ‘contains’ logic for my specific app, which you can remove, but I found helpful in filtering what gets sent to Papertrail. It took me awhile to figure out this logic so I left it in for you. Restart apache and rsyslog, and look at /var/log/messages for any rsyslog errors.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s