CentOS 7: Rsyslog Configuration for Apache

Linux Redhat 0 Comments

Configuring central logging is one of many important thing that you should configure to secure your system, it allow you to have an exact timeline in case of an incident or for troubleshooting reason.

I was in the process of configuring some machines to send their logs to a remote system, the thing is that we should not forget that some applications doesn’t use syslog/rsyslog by default for their logging, Apache is one of them, so let’s make this post a simple quick how to, but before that some informations refresh is necessary.

Rsyslog is an enhanced version of syslog that was around for a long time, it support plugin and have a modular design like everything in Linux today, it is also designed with security and high-performance in mind.

On Red Hat 7 and CentOS 7 linux distribution it’s the default system logger. All configuration is done using the /etc/rsyslog.conf , like other configuration file, it include anything in the /etc/rsyslog.d directory. If you need to pass parameters during the rsyslog service startup, you can use /etc/sysconfig/rsyslog file, which contain one line with the SYSLOGD_OPTIONS directive.

for example if you want to enable remote logging change this directive to:

SYSLOGD_OPTIONS="-m 0 -r"

I won’t go into more details on the different modules or rules, but you should know that rsyslog support many different logging sources, destinations an plugins.

In my case I needed to use rsyslog as a logging mechanism for my Apache error logs.
By default, the Apache service does not log through rsyslog, in our case, we should change the ErrorLog directive in Apache configuration file /etc/http/conf/httpd.conf

So let’s change it configuration to have rsyslog take care of Apache error logs:

First open /etc/http/conf/httpd.conf and locate the ErrorLog directive and change it like this:

Errorlog apache directive

I have used the syslog facility local2, you should not use local7 which is Apache default facility as it is used to log boot message to /var/log/boot.log on CentOS 7.
Then add the following line to your rsyslog.conf

local2.error /var/log/httpd-error.log

Restart your Apache server

systemctl restart httpd

Then restart your Rsyslog service

systemctl restart rsyslog

Check the two services status

systemctl status rsyslog httpd

systemctl-status-apache-rsyslog

To test this configuration, if you try to open the default web site using curl or your browser

curl http://localhost

You should get the error logged into /var/log/httpd-error.log as there is no index file configured

httpd error no index

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
Loading...

Leave a Reply

Your email address will not be published. Required fields are marked *