Apache custom log through logger not working

Rocky Linux Help & Support
1

Hi,
Under Centos 7 Apache servers we are directing Custom log through logger below is config in httpd.conf

RemoteIPHeader X-Forwarded-For
LogFormat "%v %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

ErrorLog "|/usr/bin/logger -t httpd_error -p local5.info"
CustomLog "|/usr/bin/logger -t httpd_access -p local5.info" combined

and config for rsyslog file /etc/rsyslog.d/httpd.conf is below

:syslogtag, isequal, "httpd_error:"        -/var/log/httpd/error_log
& ~
:syslogtag, isequal, "httpd_access:"        -/var/log/httpd/access_log
& ~

Same config not working in Rocky 8. Apache stop putting any log in access_log or error_log file once we do enable this custom config in httpd.conf .

2

I’m finding it difficult to understand why you are sending it through logger instead of just doing:

ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log combined

which would send it direct to /var/log/httpd instead of having to jump through something else first. I guess you have a reason for it and maybe you can explain why you are doing it that way instead of the default way of how logging with Apache works?

However, maybe it’s not working due to selinux perhaps?

3

Hi iwalker ,

After some deep analysis , I able to identify and fix the issue. Let me explain thing in 3 parts

Why are using logger in Apache ?

we are using a centralized Syslog sever. All servers sending logs to this syslog. and syslog based on Rsyslog Template ( hostname , programname etc ) it is putting logs in different files under hostname

below is rsyslog.conf config.

$template RemoteLogs,"/data/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs

After adding tag by logger in apache , server local syslog sending all apache logs to remote syslog

like
. @10.X.X.X.X:51X

Now these logs required on local server also. So below config is defined to log it local machine

:syslogtag, isequal, "httpd_error:"        -/var/log/httpd24/error_log
& ~
:syslogtag, isequal, "httpd_access:"        -/var/log/httpd24/access_log
& ~

Why logs were not receiving locally in Rocky 8 ?

On Centos 7 every thing is working fine. On Rocky 8 while sending the logs , PID was added with tag like below is the log recieving on Syslog server for Rocky 8

2022-06-02T14:45:07+04:00 SC2-XXX httpd_access[*483157*]: Default 10.XXXX - - [02/Jun/2022:14:45:07 +0400] "GET /index.html HTTP/1.1" 200 - "-" "ELB-HealthChecker/2.0"

Due to this PID , isequal condition was not fulfilling to store the logs local

How fixed the issue ?

I changed the compare-operations from isequal to contains. After putting below configuration every thing is working fine.

syslogtag, contains, "httpd_error"        -/var/log/httpd/error_log
& stop
:syslogtag, contains, "httpd_access"        -/var/log/httpd/access_log
& stop
2 Likes