cPanel/WHM Dom logs to remote syslog server
There is any native support in cPanel service to send apache logs of all domains or any other logs on a remote server directly. Therefore, Some custom changes needed to send logs to remote server. So, first let’s list out all the domain name from the cPanel/WHM server. listing all the hosted domain on whm server
cat /etc/userdomains | awk -F':' '{print $1}' | grep -v '*' | wc -l
210
cat /etc/userdomains | awk -F':' '{print $1}' | grep -v '*' > domainlist.txt
I’ve also written a simple bash script to make custom changes on apache configuration httpd.conf file. I’ve got 210 total domain and to make changes on every virtual host directive is quite time-consuming. Also, we have to append the below line for every domain.
CustomLog "| /bin/sh -c '/usr/bin/tee -a /usr/local/apache/domlogs/abc.com | /usr/bin/logger -thttpd -plocal1.notice'" combined
Below script will first check for the line “CustomLog /usr/local/apache/domlogs/abc.com combined” in an httpd.conf file and if found then script will append another CustomLog line below that line.
#!/bin/bash
for domain in $(cat domainlist.txt)
do
/bin/sed "/CustomLog \/usr\/local\/apache\/domlogs\/$domain combined/ a CustomLog \"\| \/bin\/sh -c \'/usr/bin/tee -a \/usr\/local\/apache\/domlogs\/$domain \| \/usr\/bin\/logger -thttpd -plocal1\.notice\'\" combined" /etc/httpd/conf/httpd.conf -i
done
Now restart the apache service but first check configuration.
http -t
service httpd restart
Now add remote log server IP and port number on /etc/rsyslog.conf file. In my case, IP 192.168.1.21 listening on UDP port 514.
Single @ for UDP and double @@ for TCP connection.
vim /etc/rsyslog.conf
*.* @192.168.1.21:514
OR
local1.notice @192.168.1.21:514
Now restart rsyslog service.
/scripts/restartsrv_rsyslog
Comments