Why is everything logged in /usr/local/apache/logs/access_log

[santrix]

This may be NginX related (specifically CPNginX). I notice that apache access_log contains all requests including those that /usr/local/cpanel/bin/splitlogs sends to the domlogs. The splitlogs documentation seems to suggest that only requests without a vhost header and those against the main host name should wind up in the access_log, but across our whole network I see everything getting dumped in there. The logging to domlogs appears to work correctly.

The only reason I ask is that if this behaviour is normal then it would be so much more handy if the vhost got logged in access_log too! because currently it doesn't which seems pretty pointless from a log analysis point of view.

 

[cPanelMichael]

Hello

I believe this is likely the result of using Nginx. The contents of the Apache domain access logs and /usr/local/apache/logs/access_log are not the same on a test machine running Apache.

Thank you.

 

[santrix]

Thank you Michael, for confirming my suspicions. I simply haven't had the time to setup a machine without nginx to test this, but thank you all the same for taking the time to reply.

 

[JamesOakley]

Hmm

I'm not so sure it's to do with nginx.

I'm running Apache 2.4, built with EasyApache.

If I enable piped logging in Apache, everything goes to the access_log. If I disable it, it goes to the domlogs entries for the appropriate virtual host

If I restart Apache, those entries are then cleared out of the access_log and moved into the relevant domlogs file.

I'm still testing to find out how long I would have to wait before this batching would happen by itself, without restarting Apache. I've already waited longer than I want to wait - in terms of how current I need the domlogs folder to be.