Sending Everything to Syslog

Fri 29 January 2016
By alex

This is a running collection of syslog settings for various applications


Apache natively has the ability to send error logs to syslog, but if that method is used then the severity of each message is not uniform and searching is slightly more involved. By piping error logs to logger each message's severity can be standardized across the board.

LogFormat "[%v] %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
ErrorLog  "|/usr/bin/logger -t httpd -p local1.error" 

<VirtualHost *:port>
CustomLog "|/usr/bin/logger -t httpd -p" vhost_combined


access logs   program:local1 AND severity:info AND message:vhost name
error logs    program:local1 AND severity:error


When using php-fpm (on CentOS 7) the syslog.facility and syslog.ident settings cannot be set individually per pool. The desired facility must be set within php-fpm.conf. syslog.ident has no effect on pools, only the main php-fpm process. Pools are logged as the journal program and their pool name is included in the syslog message.

To enable consolidated searching of errors and access logs, the pool name would have the same name as the Apache virtual host that it's serving.

in php-fpm.conf

error_log = syslog
syslog.facility = local1
syslog.ident = php-fpm


error logs    facility:local1 AND message:pool name


in /etc/my.cnf


Messages will be logged as mysqld and mysqld_safe