use nfs for /var/log

Hi,

I have many web servers. Each server writes a lot of data to /var/log.

Do you think it is a good idea to export a /var/log from a "log server" to all my web servers?
This "log server" must easily scan logs for attacks, do some stats and other things...


What do you think about that?
 
You might centralize your web logs somewhere, but don't use a shared /var/log. Think of all the other stuff that logs there. Sharing /var/log would make a terrible mess.
 
You should probably look at a centralised log server running something like sysutils/syslog-ng and a log analyser or intrusion detection system. All you have to do is instruct your web servers to send their log files to that central log server, either from syslogd and/or from e.g. an Apache configuration file.
 
Apache can do its logging through syslogd. Put something like this in httpd.conf:
Code:
ErrorLog syslog:local1

Further, the standard syslogd can send to a different host with an entry like this in /etc/syslog.conf:

Code:
local1.* @loghost
 
hmm...
So what do you think is better? syslog or syslog-ng?
Why choose one and not the other?
 
Regular syslogd on the sending side (the web server(s)), syslog-ng on the receiving side (the central syslog host). The latter can split off log files based on the sending hostname, and add things like date/month, rotation schedules, etc.
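
The receiving side described in the last reply, as an added example that is not from the original thread: a syslog-ng configuration for the central log host that accepts what the web servers' syslogd forwards with `local1.* @loghost` and writes one file per sender per day. The `@version` line, the /var/log/remote path and the s_/f_/d_ names are assumptions, not values from the thread.

```conf
# syslog-ng.conf on the central log host (added example; names and paths are assumptions)
@version: 3.38

options {
    # Name files after the address the packet came from, not the hostname
    # field inside the message, which the sender controls.
    keep-hostname(no);
    use-dns(no);
    create-dirs(yes);
};

# Stock syslogd forwards "@loghost" entries over UDP port 514.
source s_remote {
    network(transport("udp") port(514));
};

# Only the facility the web servers use for Apache (ErrorLog syslog:local1).
filter f_web {
    facility(local1);
};

# One directory per sending host, one file per day, readable by root and group only.
destination d_web_per_host {
    file("/var/log/remote/${HOST}/web-${YEAR}-${MONTH}-${DAY}.log"
         dir-perm(0750) perm(0640));
};

log {
    source(s_remote);
    filter(f_web);
    destination(d_web_per_host);
};
```

Because UDP syslog carries no authentication, the listener should be reachable only from the web servers, for example through a packet filter rule on the log host.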
 