Centralized logging for multiple servers
citrin at citrin.ru
Mon Apr 13 22:47:18 MSD 2009
Kingsley Foreman wrote:
> Just wondering what you guys are using for centralized logging of access
> logs for multiple servers. I'm thinking about using the syslog patch but
> I was wondering if anyone was using anything they think is better? And
> has piping of log files been implemented in the newer versions?
1. syslog and log to pipe is not usable with high-loaded web server.
2. If you want to send logs to other host via syslog-ng don't forget, that some records will be
lost in case of network failure (longer than kernel tcp retransmit timeout), and in case of log
3. IMHO most usable for loaded servers way to store all logs on one server is:
3.1 rotate logs as often as need.
3.2 share logs by http using same nginx (protected by password and IP ACL).
3.3 on central server run script to fetch this logs (e. g. using wget).
If you want near-realtime logs on central server you can run:
tail -F /path/to/access.log | soft-to-send-logs-to-remote-server
More information about the nginx