Centralised logging for Apache


(Groot) #1

Hi,
I am new in elk stack. Please someone help me.

We have 4 application running on apache server. Client don't want to use filebeat to push log individually to logstash as this will affect the performance of the application.
So, is there any alternate to process log file without filebeat?
Can we use syslog server and then forward the log to logstash?

Plz help


(Mark Walkom) #2

Yes.


(Jason Kopacko) #3

I use syslog-ng to push out system and internal logs to Logstash from all of my servers.


(Magnus Bäck) #4

Client don't want to use filebeat to push log individually to logstash as this will affect the performance of the application.

How so?


(Groot) #5

They worried that it will consume resources of production server which in turn affect their performance.


(Magnus Bäck) #6

Well, sending things via syslog isn't completely without cost either and can actually be more problematic since you either have to send data via TCP, which could block your application and/or lose logs, or UDP, which obviously can lead to loss of logs.

Instead of worrying they should measure the impact and weigh the cost against not collecting logs.


(Jason Kopacko) #7

I'd have to agree with Magnus.

The impact is very, very minimal regardless which option is chosen.


(Groot) #8

@magnusbaeck Thanks....
Finally they convinced :slight_smile:
Now we have one more issue.....
We are sending log from two different host using filebeat to logstash, but we are getting only one hostname in available field in kibana i.e. in our case we are sending log from root@server1 and root@server2. But we are getting only server1 in kibana and also in hostname.


(Magnus Bäck) #9

Check the Filebeat logs on server2.


(Jason Kopacko) #10

And does tcpdump show any incoming packets?


(system) #11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.