Hi iwalker ,
After some deep analysis , I able to identify and fix the issue. Let me explain thing in 3 parts
Why are using logger in Apache ?
we are using a centralized Syslog sever. All servers sending logs to this syslog. and syslog based on Rsyslog Template ( hostname , programname etc ) it is putting logs in different files under hostname
below is rsyslog.conf config.
After adding tag by logger in apache , server local syslog sending all apache logs to remote syslog
Now these logs required on local server also. So below config is defined to log it local machine
:syslogtag, isequal, "httpd_error:" -/var/log/httpd24/error_log
:syslogtag, isequal, "httpd_access:" -/var/log/httpd24/access_log
Why logs were not receiving locally in Rocky 8 ?
On Centos 7 every thing is working fine. On Rocky 8 while sending the logs , PID was added with tag like below is the log recieving on Syslog server for Rocky 8
2022-06-02T14:45:07+04:00 SC2-XXX httpd_access[*483157*]: Default 10.XXXX - - [02/Jun/2022:14:45:07 +0400] "GET /index.html HTTP/1.1" 200 - "-" "ELB-HealthChecker/2.0"
Due to this PID , isequal condition was not fulfilling to store the logs local
How fixed the issue ?
I changed the compare-operations from isequal to contains. After putting below configuration every thing is working fine.
syslogtag, contains, "httpd_error" -/var/log/httpd/error_log
:syslogtag, contains, "httpd_access" -/var/log/httpd/access_log