This is done in two steps
ErrorLog "/var/log/www/error.log" CustomLog "/var/log/www/access.log" extended_ncsa(assuming our logs go in /var/log/www) and replace them with:
ErrorLog "|/bin/sh -c '/usr/bin/tee -a /var/log/www/error.log | /usr/bin/logger -thttpd -plocal6.err'" CustomLog "|/bin/sh -c '/usr/bin/tee -a /var/log/www/access.log | /usr/bin/logger -thttpd -plocal6.notice'" extended_ncsafor apache 2.0.x or
ErrorLog "|/usr/bin/tee -a /var/log/www/error.log | /usr/bin/logger -thttpd -plocal6.err" CustomLog "|/usr/bin/tee -a /var/log/www/access.log | /usr/bin/logger -thttpd -plocal6.notice" extended_ncsafor apache 2.2.x.
This has us using Unix "tee" to write the log where it was being written, but also sends the entries to "logger" (which is the command line utility to send things to syslog).
extended_ncsa log format. The result is that nothing
will be logged by Apache.
combined which is typically
defined in default Apache installations.
In the above example for apache 2.2.x, this would change your configuration entry for your access log, to look like the following
CustomLog "|/usr/bin/tee -a /var/log/www/access.log | /usr/bin/logger -thttpd -plocal6.notice" combined
# Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messagesto
# Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none;local6.none /var/log/messages # send anything remotely interesting to clogger # for intrusion detection, etc. *.info @clogger.fnal.gov
Adding the "local6.none" to the /var/log/messages line keeps you from logging the webserver stuff in your /var/log/messages (since we're already logging them in the web log area...)
Adding the @clogger.fnal.gov line forwards things to clogger.fnal.gov.