Remote logging for httpd
My relatively small lab system was generating ~10GB of httpd logging on a daily basis. Even with logrotate and compression, the activity level was just ludicrous. I don't remember this from earlier versions. I don't see any obvious errors in the log that explain this over-zealous behavior. I didn't want to suppress the logs completely, and the LogLevel is already on warn. I decided in the end to remote log to my central syslog server which stores the logs on an NFS mount from a FreeNAS (ZFS with compression) NAS. The compression will keep the actual disk space down, and since I am not all that worried about losing some logs, I went with sync=off and udp on the transit. Here are the changes I made to /etc/httpd/conf.d/ssl.conf in case someone else finds them useful. 48,49c48,51 < ErrorLog logs/ssl_error_log < TransferLog logs/ssl_access_log ---
#ErrorLog logs/ssl_error_log ErrorLog "|/usr/bin/logger -t ssl-error -p local1.warn" #TransferLog logs/ssl_access_log TransferLog "|/usr/bin/logger -t ssl-access -p local1.warn" 203,206c205,212 < CustomLog logs/ssl_request_log \ < "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" < < CustomLog logs/ovirt-requests-log "%t %h \"Correlation-Id: %{Correlation-Id}o\" \"Duration: %Dus\" \"%r\" %b" "expr=%{QUERY_STRING} !~ /username.*password|password.*username/"
#CustomLog logs/ssl_request_log \ # "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ssl-request-format CustomLog "|/usr/bin/logger -t ssl-requests -p local1.warn" ssl-request-format
LogFormat "%t %h \"Correlation-Id: %{Correlation-Id}o\" \"Duration: %Dus\" \"%r\" %b" ovirt-requests-format CustomLog "|/usr/bin/logger -t ovirt-requests -p local1.warn" ovirt-requests-format "expr=%{QUERY_STRING} !~ /username.*password|password.*username/" #CustomLog logs/ovirt-requests-log "%t %h \"Correlation-Id: %{Correlation-Id}o\" \"Duration: %Dus\" \"%r\" %b" "expr=%{QUERY_STRING} !~ /username.*password|password.*username/"
then blocked local logging to messages with local1.none in rsyslog.conf.
participants (1)
-
eshwayri@gmail.com