First, open the configuration file with your favorite text editor (my choice was nano):
nano /etc/rsyslog.conf
At the top of the file, add the directive that loads the imfile module, which enables file monitoring:
$ModLoad imfile
Then, near the bottom of the file but before your remote syslog @ line, add the following directives to monitor the Apache access log:
$InputFilePollInterval 10
$InputFileName /var/log/apache2/access.log
$InputFileTag apache-access:
$InputFileStateFile stat-apache-access
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
Then restart the rsyslog service for the changes to take effect:
service rsyslog restart
Then validate that syslog messages are actually being sent by running tcpdump and capturing outbound traffic to the syslog server's IP:
tcpdump -i eth0 host XX.XX.XX.XX
listening on eth0
13:41:57.322554 IP YY.YY.YY.YY.57529 > XX.XX.XX.XX.514: SYSLOG authpriv.notice, length: 101
13:41:57.322909 IP YY.YY.YY.YY.57529 > XX.XX.XX.XX.514: SYSLOG authpriv.info, length: 104
13:41:57.323224 IP YY.YY.YY.YY.57529 > XX.XX.XX.XX.514: SYSLOG authpriv.info, length: 89
You can also verify that Apache access logging is enabled and working by viewing the log file; the most recent entries should appear at the bottom:
nano /var/log/apache2/access.log
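The tcpdump check above only shows that some syslog traffic leaves the host (the captured lines are authpriv, not Apache). This added example, which is not code from the original post, decodes forwarded datagrams and counts the facility.severity of messages tagged apache-access; with the directives above it should be local0.info, since imfile defaults to facility local0 when none is set. The sample datagrams, host name web01 and test port 5514 are assumptions.

```python
import re
import socket
from collections import Counter

# Names indexed by numeric code (RFC 3164/5424 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              ] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>, then a BSD ("Feb 10 13:41:58") or RFC 3339 timestamp, host, tag, message.
FRAME = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d|\d{4}-\d\d-\d\dT\S+) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?(?P<msg>.*)", re.S)

def parse(datagram):
    """Decode one forwarded syslog datagram; return None if it is malformed."""
    m = FRAME.match(datagram.decode("utf-8", "replace").rstrip("\n"))
    if not m or int(m["pri"]) > 191:   # highest valid PRI is 23*8 + 7
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    return {"priority": f"{FACILITIES[facility]}.{SEVERITIES[severity]}",
            "host": m["host"], "tag": m["tag"], "msg": m["msg"]}

def priorities_for_tag(datagrams, tag="apache-access"):
    """Count facility.severity pairs seen on messages carrying the given tag."""
    parsed = (parse(d) for d in datagrams)
    return Counter(p["priority"] for p in parsed if p and p["tag"] == tag)

def listen(port=5514, count=10):
    """Collect `count` datagrams on a test collector (port is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        return [s.recv(8192) for _ in range(count)]

# Constructed sample datagrams (not captured from a real host).
SAMPLE = [
    b'<85>Feb 10 13:41:57 web01 sudo: pam_unix(sudo:session): session opened',
    b'<134>Feb 10 13:41:58 web01 apache-access: 203.0.113.5 - - '
    b'[10/Feb/2016:13:41:58 -0600] "GET / HTTP/1.1" 200 612',
    b'<134>2016-02-10T13:41:59.322554-06:00 web01 apache-access: 203.0.113.9 - - '
    b'[10/Feb/2016:13:41:59 -0600] "GET /login HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    print(priorities_for_tag(SAMPLE))
```

To check live traffic, pass the result of listen() to priorities_for_tag() on a test collector; an empty result means no apache-access messages arrived.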
Hope that helps make your Apache logging needs simpler.
More about neonprimetime
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.