Clusters and Syslog-ng

Apache errors can use a syslog facility as a destination (by default in this mode, local7:info). Apache access logs, rewrite logs, and php error logs can not use syslog. This is annoying if you’re doing things like combining apache logs from a cluster of web servers for stats purposes or trying to debug something on a live implementation on a load balanced cluster.

Alternately, you can use a pipe to send them all through the /usr/bin/logger script and use either the ‘tag’ option or a particular facility, which you can then grab using a non-regexp filter (using the match function), and collect them on one machine in a combined format. Syslog-ng handles the combining and locking issues. Bonus points: You can use a web interface to expose the centrally collected logs to developers instead of handing them enough permissions to get to them on your individual servers.