On Thu, 9 May 2013 14:17:35 -0600 Kevin Fenzi <kevin@xxxxxxxxx> wrote: > So, the recent fas vulnerability made us realize that we were not > collecting and saving httpd logs from staging machines. > > I've since added: > > app01.stg > app02.stg > proxy01.stg > > to have their httpd logs pulled over to log02 and kept. > > This however got me thinking. Since we are moving to a model where > each app has it's own server, should we widen the servers we pull > httpd logs from? For example, ask01/02? fedocal? blockerbugs? > > Or should we figure out a better way to collect and store the httpd > logs. > The ways I know of to collect/store httpd logs are: 1. rsyncing after the fact 2. redir out to logger to dump to syslog 3. other syslog-redirection trick 4. direct-to-mysql log writes. I'm sure there are lots of variations on 3 using non-syslog to replicate the logs. the disadvantage of 1 is that we don't get the logs from 'just now' if something goes wrong. That's where we are now. The second issue is that we have to constantly update that list of hosts/files to replicate those logs. the disad of 2 and 3 is that http logs can kick the crap out of syslog in short order. it may, however, be worth trying it with our system to see how much damage the httpd logs do. the disad of 4 is the dep on a db server (and the disads from 1) thoughts on trying to log http to rsyslog/log02? -sv
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
