Make Your Logs Work for You

The days of logging in to servers and manually viewing log files are over. SolarWinds® Papertrail™ aggregates logs from applications, devices, and platforms to a central location.

View Technology Info

FEATURED TECHNOLOGY

Troubleshoot Fast and Enjoy It

SolarWinds® Papertrail™ provides cloud-based log management that seamlessly aggregates logs from applications, servers, network devices, services, platforms, and much more.

View Capabilities Info

FEATURED CAPABILITIES

Aggregate and Search Any Log

SolarWinds® Papertrail™ provides lightning-fast search, live tail, flexible system groups, team-wide access, and integration with popular communications platforms like PagerDuty and Slack to help you quickly track down customer problems, debug app requests, or troubleshoot slow database queries.

View Languages Info

FEATURED LANGUAGES

TBD - APM Integration Title

TBD - APM Integration Description

TBD Link

APM Integration Feature List

TBD - Built for Collaboration Title

TBD - Built for Collaboration Description

TBD Link

Built for Collaboration Feature List

Blog > Send Apache access logs to remote syslog in 1 line

Send Apache access logs to remote syslog in 1 line

Posted by By Troy Davis on January 1, 2019

Papertrail supports the remote syslog protocol, so it accepts Web server access logs from rsyslog, syslog-ng, the tiny remote_syslog log file to remote syslog daemon, and other senders.

In that “other senders” category, here’s an elegant hack to have Apache transmit access logs directly to a remote syslog server, using a one-line httpd.conf change.

To transmit with the hostname “www1” and the program name “apache”, add this line:

CustomLog '|nc -u logs.papertrailapp.com 1111' '<134>%{%b %d %X}t www1 apache %h %l %u %t '%r'%>s %b '%{Referer}i' '%{User-agent}i''

Note: For Apache 2.4.x, add a $ sign before the nc command. Use the line below:

CustomLog '|$nc -u logs.papertrailapp.com 1111' '<134>%{%b %d %X}t www1 apache %h %l %u %t '%r'%>s %b '%{Referer}i' '%{User-agent}i''

This combines netcat, Apache’s CustomLog configuration directive, and Apache’s piped logs feature (which will even restart nc if it crashes). Apache outputs a syslog-framed message to a pipe and nc does the rest. The <134> is the syslog’s priority identifier for facility local0, severity info. That’s followed by the syslog timestamp, system name, and program name.

Everything after “apache” is format specifiers to generate the standard combined log format. The format can be customized. The CustomLog directive works globally and can be used in VirtualHost stanzas.

The reference example is:

CustomLog '|nc -u <destination hostname> <destination port>' '<134>%{%b %d %X}t <system hostname> <program name> %h %l %u %t '%r'%>s %b '%{Referer}i' '%{aUser-agent}i''

This would work for any daemons which can output to a pipe, don’t block on the output (or automatically restart the pipe program, as Apache does), and support a user-supplied template for message formatting. It’s also possible to CustomLog to pipe to the “logger” program (instead of netcat), like this:

CustomLog '|logger -t httpd -p local1.info'

.. and then use your existing syslog daemon to transmit those to Papertrail.