I'm working on a project with a small number of servers which host a PHP application. Right now each server is currently logging php errors, locally, to /var/log/php/oops.log, but I would like implement a solution where I can log into one, central server and view error log entries from any and all servers hosting the PHP application.
I've been doing some reading, and need a sanity check on the steps in order to accomplish my end game.
- Change php.ini error_log directive to log to 'syslog' instead of '/var/log/php/oops.log'
- Configure /etc/rsyslog.conf on each app server to filter PHP messages and forward them to a central (remote) server
- Configure central server to accept connections from all app servers (iptables etc)
My current system configuration is centos 6.2 (and a few .3) and all boxes use rsyslog.
Am I on the right track with the above steps? Anyone know of any step-by-step resources which may help?
Best Answer
So the solution I ended up going with is:
sysloglocal1.* @syslogsyslogserver, edit /etc/rsyslog.conf to filter messages using outchannels and filtersNow, when a php message is logged on an edge server, it gets sent to the centralized, remote server (syslog), where the message is parsed and filtered to an outchannel if certain criteria are met. This allows me to now only have to monitor one log file for all my edge servers.