I have many web servers. Each server writes a lot of data in /var/log.
Do you think it is good to export a /var/log from a "log server" to all my web servers?
This "log server" must easily scan logs for attacks, do some stats and other things...
You might centralize your web logs somewhere, but don't use a shared /var/log. Think of all the other stuff that logs there. Sharing /var/log would make a terrible mess.
You should probably look at a centralised log server running something like sysutils/syslog-ng and a log analyser or intrusion detection system. All you have to do is instruct your web servers to send their log files to that central log server, either from syslogd and/or from e.g. an Apache configuration file.
Regular syslogd on the sending side (the web server(s)), syslog-ng on the receiving side (the central syslog host). The latter can split off log files based on the sending hostname, and add things like date/month, rotation schedules, etc.
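The setup described in the replies above, written out as an added example that is not part of the original posts. The host name `loghost.example.org`, the `local6`/`local7` facilities, the `/var/log/hosts` path and the syslog-ng version number are assumptions to adapt.

```conf
# --- Each web server: /etc/syslog.conf (stock syslogd) ---
# Forward Apache's facilities and auth events to the central host (UDP 514).
# "loghost.example.org" is a placeholder name.
local6.*;local7.*;auth.*        @loghost.example.org

# --- Each web server: Apache httpd.conf ---
# Error log goes straight to syslog; access log is piped through logger(1).
ErrorLog  syslog:local7
CustomLog "|/usr/bin/logger -t httpd -p local6.info" combined

# --- Central log host: syslog-ng.conf ---
# Assumption: set this to the installed syslog-ng version.
@version: 3.38

options {
    # Name files after the sending address instead of the HOST field,
    # which is set by the sender and cannot be trusted.
    keep_hostname(no);
    # No DNS lookups: $HOST becomes the source IP address.
    use_dns(no);
    create_dirs(yes);
};

source s_web { udp(ip(0.0.0.0) port(514)); };

# One directory per sending host, one file per day.
destination d_per_host {
    file("/var/log/hosts/$HOST/$YEAR-$MONTH-$DAY.log"
         perm(0640) dir_perm(0750));
};

log { source(s_web); destination(d_per_host); };
```

Plain UDP syslog is unauthenticated and unencrypted, so firewall port 514 on the log host to the web servers' addresses only.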