
Log Monitors and Apache

  • Apache is one of the few common daemons that does not (normally) use syslogd for logging
  • Apache does allow piped logs; see http://httpd.apache.org/docs/logs.html#piped
  • A log monitor can be added as follows in /usr/local/etc/apache/httpd.conf (path may vary):

    # Piped logs can be used for log rotation as well as monitoring
    CustomLog "|rotatelogs /var/log/www_log 86400" combined
    ErrorLog "|rotatelogs /var/log/www_errors 86400"
    # Apache can maintain more than one access log, so you can feed
    # access information to a monitor and also to a log file
    CustomLog "|exec perl /usr/local/bin/webmon.pl" combined
    # Piping error log messages to a monitor is especially useful
    # when one wants to detect abuse and/or attacks. Alas, there can
    # only be one error log, so you must either rely on access logs
    # for error information (usually an acceptable solution) or
    # design your monitor to "tee" the messages to a file for you.
    # Use this line in place of the rotatelogs ErrorLog above.
    ErrorLog "|exec snobol4 -b /usr/local/bin/wormwatch.sno"
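
The "tee" design from the last comment, as an added example: this is not the webmon.pl or wormwatch.sno script named on the slide, neither of which is shown. It copies every error-log line to a file before analysing it and raises one syslog alert per client that keeps requesting well-known worm probe paths. The file path, signature list, threshold and sample lines are assumptions.

```python
"""Piped ErrorLog monitor: tee every line to a file and flag repeated probes."""
import re
import sys
from collections import Counter

# Assumed values, not from the original page: path, signatures, threshold.
TEE_PATH = "/var/log/www_errors"
SIGNATURES = re.compile(r"cmd\.exe|root\.exe|default\.ida|\.\./", re.IGNORECASE)
CLIENT = re.compile(r"\[client ([^\]\s]+)\]")
THRESHOLD = 3  # flagged lines from one client before an alert is raised

# Constructed sample lines in the classic Apache error-log layout.
SAMPLE = [
    "[Wed Oct 11 14:32:52 2000] [error] [client 192.0.2.7] File does not exist: /www/scripts/root.exe\n",
    "[Wed Oct 11 14:32:53 2000] [error] [client 192.0.2.7] File does not exist: /www/MSADC/root.exe\n",
    "[Wed Oct 11 14:32:54 2000] [error] [client 198.51.100.9] File does not exist: /www/favicon.ico\n",
    "[Wed Oct 11 14:32:55 2000] [error] [client 192.0.2.7] File does not exist: /www/c/winnt/system32/cmd.exe\n",
    "[Wed Oct 11 14:32:56 2000] [error] [client 192.0.2.7] File does not exist: /www/default.ida\n",
    "[Wed Oct 11 14:32:57 2000] [notice] caught SIGTERM, shutting down\n",
]


def monitor(lines, tee, alert):
    """Copy each line to `tee`; call alert(client, count) once per client
    when its flagged lines reach THRESHOLD. Returns the per-client counts."""
    hits = Counter()
    for line in lines:
        # Tee first and flush: this pipe is Apache's only error log, so the
        # message must reach the file before any analysis can fail.
        tee.write(line)
        tee.flush()
        m = CLIENT.search(line)
        if m and SIGNATURES.search(line):
            hits[m.group(1)] += 1
            if hits[m.group(1)] == THRESHOLD:
                alert(m.group(1), THRESHOLD)
    return hits


def main():
    import syslog  # Unix only; alerts go to syslogd, which Apache itself bypasses
    sys.stdin.reconfigure(errors="replace")  # odd bytes in a request must not kill the monitor
    with open(TEE_PATH, "a", errors="replace") as tee:
        monitor(sys.stdin, tee, lambda client, n: syslog.syslog(
            syslog.LOG_WARNING, f"errmon: {n} probe errors from {client}"))


if __name__ == "__main__":
    main()
```

Saved under a hypothetical path such as /usr/local/bin/errmon.py, it would be wired in the same way as the monitors above: `ErrorLog "|exec python3 /usr/local/bin/errmon.py"`.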