From c35c7b8520ddd1823af11723fdcbc079c7f022e4 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Mon, 4 Aug 2025 09:47:39 -0500
Subject: [PATCH] r/apache: log errors to syslog by default

Logging to syslog will allow messages to be aggregated in the central server (Loki now, Victoria Logs eventually), so I don't have to SSH into the web server to check for errors.
---
 roles/apache/defaults/main.yml | 1 +
 roles/apache/tasks/main.yml | 10 ++++++++++
 roles/apache/templates/errorlog.j2 | 5 +++++
 roles/apache/templates/ssl.include.j2 | 8 ++++++--
 4 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 roles/apache/templates/errorlog.j2

diff --git a/roles/apache/defaults/main.yml b/roles/apache/defaults/main.yml
index c38bc6e..7c10ece 100644
--- a/roles/apache/defaults/main.yml
+++ b/roles/apache/defaults/main.yml
@@ -1,6 +1,7 @@
 apache_mpm: event
 apache_keep_num_logs: 4
 apache_max_log_size: 256M
+apache_error_log: syslog:daemon
 apache_ssl_protocol:
 - all
 - '-SSLv2'
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
index 5d911a6..0a46ffb 100644
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -5,6 +5,16 @@
 tags:
 - install
+- name: ensure global error log is configured
+ template:
+ src: errorlog.j2
+ dest: /etc/httpd/conf.d/00-errorlog.conf
+ owner: root
+ group: root
+ mode: u=rw,go=r
+ tags:
+ - apache-config
+
 - name: ensure http service keytab is in place
 copy:
 src={{ item }}
diff --git a/roles/apache/templates/errorlog.j2 b/roles/apache/templates/errorlog.j2
new file mode 100644
index 0000000..b3c948e
--- /dev/null
+++ b/roles/apache/templates/errorlog.j2
@@ -0,0 +1,5 @@
+{% if apache_error_log %}
+ErrorLog {{ apache_error_log }}
+{% else %}
+# Use the default ErrorLog value set in httpd.conf
+{% endif %}
diff --git a/roles/apache/templates/ssl.include.j2 b/roles/apache/templates/ssl.include.j2
index 30fed44..0c13096 100644
--- a/roles/apache/templates/ssl.include.j2
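Review bot: The new `ensure global error log is configured` task in roles/apache/tasks/main.yml has no `notify:`, so a later change to `apache_error_log` rewrites /etc/httpd/conf.d/00-errorlog.conf while the running httpd keeps logging to the old destination until something else restarts it. If the role already defines a reload or restart handler (none is visible in this hunk), add `notify: <existing httpd reload handler>` to the task. This matters for the stated goal of central aggregation, because a host that silently keeps writing errors to a local file is a gap in what the log server sees.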
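Review bot: `ErrorLog {{ apache_error_log }}` in roles/apache/templates/errorlog.j2 renders the value unquoted, so an override that contains whitespace (a log path with a space, or a piped logger with arguments) becomes a directive httpd rejects or misparses. Quoting it, `ErrorLog "{{ apache_error_log }}"`, still works for the `syslog:daemon` default and makes the other forms safe. The template would also benefit from a leading comment saying the file is managed by Ansible and listing the accepted forms (file path, `syslog[:facility]`, piped program). Since a piped ErrorLog program is spawned by the httpd parent process and normally runs as root, that comment should note that the variable must only come from trusted inventory.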
+++ b/roles/apache/templates/ssl.include.j2
@@ -1,7 +1,11 @@
 # Use separate log files for the SSL virtual host; note that LogLevel
 # is not inherited from httpd.conf.
-ErrorLog logs/ssl_error_log
-TransferLog logs/ssl_access_log
+{% if apache_ssl_error_log is defined %}
+ErrorLog {{ apache_ssl_error_log }}
+{% endif %}
+{% if apache_ssl_transferlog is defined %}
+TransferLog {{ apache_ssl_transferlog }}
+{% endif %}
 LogLevel warn
 # SSL Engine Switch:
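Review bot: Removing the hard-coded `TransferLog logs/ssl_access_log` without giving `apache_ssl_transferlog` a default (none is added in the defaults/main.yml hunk of this patch) means the TLS virtual host stops writing its own access log by default. It presumably falls back to whatever access log the main server defines. The commit message only covers error logs, so this looks unintended, and anything that rotates, tails or ships `ssl_access_log` will go quiet without an error; either add `apache_ssl_transferlog: logs/ssl_access_log` to the defaults or state the change in the description. The `is defined` tests also differ from the truthiness test in errorlog.j2, so a variable that is defined but empty renders a bare `ErrorLog` and breaks the configuration; `{% if apache_ssl_error_log | default('') %}` would match the other template. The context comment "Use separate log files for the SSL virtual host" is no longer true by default and should be reworded.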