# use nfs for /var/log



## nORKy (Sep 27, 2010)

Hi,

I have many web servers. Each servers writes many data in /var/log.

Do you think it is good to export a /var/log from a "log server" to all my web server.
This "log server" must easily scan log for attack, do some stats and others thinks...


What do you think about that ?


----------



## jalla (Sep 27, 2010)

You might centralize your web logs somewhere, but don't use a shared /var/log. Think of all the other stuff that logs there. Sharing /var/log would make a terrible mess.


----------



## DutchDaemon (Sep 28, 2010)

You should probably look at a centralised log server running something like sysutils/syslog-ng and a log analyser or intrusion detection system. All you have to do is instruct your web servers to send their log files to that central log server, either from syslogd and/or from e.g. an Apache configuration file.


----------



## nORKy (Sep 28, 2010)

oh. apache can do that ?

I think syslog-ng is a good app.
Thanks you


----------



## jalla (Sep 28, 2010)

apache can do it's logging through syslogd. Put something like this in httpd.conf

```
ErrorLog syslog:local1
```

Further, the standard syslogd can send to a different host with an entry like this in /etc/syslog.conf


```
local1.* @loghost
```


----------



## nORKy (Sep 28, 2010)

hmm...
So what do you think is better ? syslog or syslog-ng ?
Why choose 1 and not the other ?


----------



## DutchDaemon (Sep 28, 2010)

Regular syslogd on the sending side (the web server(s)), syslog-ng on the receiving side (the central syslog host). The latter can split off log files based on the sending hostname, and add things like date/month, rotation schedules, etc.


----------



## nORKy (Sep 29, 2010)

oh ok, thanks for your help.


----------

