Remote logging with rsyslog: Apache case
If you don’t know how to configure remote logging with rsyslog, refer to this article.
There are many ways to store your logs under a different name: by application name, host name, custom name, etc. To do this you have several choices: you can edit the rsyslog configuration file, edit the application's config file, or create new config files under the /etc/rsyslog.d/ directory (the httpd.conf file in our example).
It’s also good to know log levels; there are many selectors such as “local6.”, “info.”, “authpriv”, “.emerg”, “mail.”. A selector combines a facility (local6, authpriv, mail) with a priority level (info, emerg), and the rules built from them decide which messages are kept in which log file. For example, emergency messages will be kept under /var/log/emergency and system messages under /var/log/messages. In rsyslog.conf you can customize directories and log rules; open it and you will see the default configuration. You do not have to know all the rules and every letter written in this configuration file, and you won’t use most of them. To have deep knowledge you can ask Google! I will also share in this page some useful links.
The previous article, “Remote logging with rsyslog”, sent all logs to /var/log/messages on the remote server. Now we will set up separate logging dedicated to our Apache application. To avoid all kinds of conflicts on the remote server, I want to redirect the sender server’s Apache logs into another directory named after the hostname.
Source: CentOS 7, rsyslogd, 192.168.38.153, hostname: autofs_client
Target: CentOS 7, rsyslogd, 192.168.38.154, hostname: ftpserver
Keep in mind:
To send logs to another server, you should specify its IP address in the /etc/rsyslog.conf file.
The server which receives logs from the distant server will dispatch them into specified directories with a specific file name. This is done by the rsyslog configuration on the receiving server. Without it, your server cannot know where to put these messages and will probably select /var/log/messages. So, we must modify config files on both servers.
After setting up the rsyslog facility (check here), we will create a new configuration file for http on the target server.
Under /etc/rsyslog.d/ create the httpd.conf file.
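[root@ftpserver rsyslog.d]# cat httpd.conf
## Create a separate log rule for the specific application
$template DynFile,"/var/log/%HOSTNAME%/httpd.log"
## Property-based filter: one property, then the compare operation and value
:programname, contains, "httpd" ?DynFile
& stop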
For more information about tags and syntax usage, check the following links:
Remote logging configuration:
On the autofs_client server I stopped the http service.
[root@autofs_client ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Here, programname is the application name and syslogtag is the tag that we assign to the application (here they have the same values and do the same thing). contains checks if the string provided in value is contained in the property. This value must be a perfect match; wildcards are not supported.
DynFile is the template name pointing to the /var/log/%HOSTNAME%/httpd.log destination. If the folder with the hostname is missing, it will be created after restarting the rsyslog service, and logs will be kept in the httpd.log file. To end processing of a matched message once it has been written, we use the & stop statement. Earlier versions of rsyslog support & ~.
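The same receiver rule in rsyslog's RainerScript syntax, as an added example that is not the author's configuration. It assumes an rsyslog version that supports list templates and the securepath option, and the directory and file modes shown are illustrative choices.

```rsyslog
# /etc/rsyslog.d/httpd.conf on the receiver (ftpserver), added example.
# Assumes a network input is already enabled in /etc/rsyslog.conf.

# The hostname is taken from the received message, so the sending side
# chooses it. securepath="replace" turns any "/" in the value into "_"
# before it becomes part of the file path, so a crafted hostname cannot
# point the log file outside /var/log/<name>/.
template(name="DynFile" type="list") {
    constant(value="/var/log/")
    property(name="hostname" securepath="replace")
    constant(value="/httpd.log")
}

# "contains" is a substring match: "httpd" also matches a program name
# such as "lighttpd". Use == "httpd" if only exact matches should land here.
if $programname contains "httpd" then {
    action(type="omfile"
           dynaFile="DynFile"
           dirCreateMode="0750"     # illustrative: no access for "other"
           fileCreateMode="0640")   # illustrative: no access for "other"
    stop    # same role as "& stop": later rules do not see the message
}
```

Running rsyslogd -N1 checks the configuration for syntax errors before the service is restarted.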
Http service is stopped on autofs_client server.
In the picture on the right you can see that logs are sent to ftpserver and written to the /var/log/autofs_client/httpd.log file.
You can configure remote logging specific to applications by following this easy example.