httpd logs

[seth vidal]

On Thu, 9 May 2013 14:17:35 -0600
Kevin Fenzi <kevin at scrye.com> wrote:

> So, the recent fas vulnerability made us realize that we were not
> collecting and saving httpd logs from staging machines. 
> 
> I've since added: 
> 
> app01.stg
> app02.stg
> proxy01.stg
> 
> to have their httpd logs pulled over to log02 and kept. 
> 
> This however got me thinking. Since we are moving to a model where
> each app has it's own server, should we widen the servers we pull
> httpd logs from? For example, ask01/02? fedocal? blockerbugs?
> 
> Or should we figure out a better way to collect and store the httpd
> logs. 
> 

The ways I know of to collect/store httpd logs are:
1. rsyncing after the fact
2. redir out to logger to dump to syslog
3. other syslog-redirection trick
4. direct-to-mysql log writes.

I'm sure there are lots of variations on 3 using non-syslog to
replicate the logs.

the disadvantage of 1 is that we don't get the logs from 'just now' if
something goes wrong. That's where we are now. The second issue is that
we have to constantly update that list of hosts/files to replicate
those logs.

the disad of 2 and 3 is that http logs can kick the crap out of syslog
in short order. it may, however, be worth trying it with our system to
see how much damage the httpd logs do.

the disad of 4 is the dep on a db server (and the disads from 1)



thoughts on trying to log http to rsyslog/log02?

-sv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20130513/70e64687/attachment.sig>