See http://httpd.apache.org/docs/2.2/logs.html#virtualhost
If CustomLog or ErrorLog directives are placed inside a section, all requests or errors for that virtual host will be logged only to the specified file. Any virtual host which does not have logging directives will still have its requests sent to the main server logs.
In other words, if you place Logging directives within a VirtualHost section, it will override the Logging directives within the main server configuration. If you want to log to a single logfile, then remove the log configuration from your VirtualHost sections.
For simplicity, I prefer to log all Access data to a single logfile. Later, you can process the logs and split the logfiles into logfiles for the Virtual Hosts. Also, writing to a single logfile is a more efficient use of computer resources then writing to 30 logfiles at once. Just make sure your LogFormat includes the '%v', which will log the name of the Virtual Host.
Is it possible to have ALL accesses and errors duplicated to a shared logfile?
You can log all errors and access to a shared logfile, but the logfile is ugly. First, send the Apache log data to syslog, and then use syslog to send to a local file or a remote log server.
# Send access logs to syslog
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "|/usr/bin/logger -t httpd -i -p local7.notice" combined
# Send error logs to syslog
ErrorLog syslog:local7
And then in /etc/syslog.conf
# Send all HTTP log data to this file
local7.* /var/log/http-all.log
You just specify ErrorLog
and CustomLog
within each VirtualHost
directive. With that in mind, you would not be able to use ServerAlias
and have separate log files for each host via normal performance without specifying separate VirtualHost
.
However, you could pipe the log through a script, and have the script make the separate files. Look at the piped logging documentation.
You could also use a post processing script, such as utilizing grep
to parse out the logs. A post processing script could be specified in the nightly logrotate under the postrotate
or preprotate
sections.
Apache 2.2 Piped Logging
Best Answer
Assuming you have shell access to the server with the log file, try
That will go back to the beginning of the 27th, which is a little over 48 hours, but I would expect that to be much smaller than the whole file, and it's quick to do. Don't forget to gzip the resulting file before you transfer it, that will speed things up even more.