[CentOS] access to httpd logs

Thu Dec 1 20:34:19 UTC 2005
Bryan J. Smith <thebs413 at earthlink.net>

James Pifer <jep at obrien-pifer.com> wrote:
> I need to enable some access to the httpd logs over ftp so
> they can be analyzed by another application to get a
report.
> I used to do this on Windows NT before replacing the server
> with CentOS. 
> Thanks to help from another thread I have an ftp server
> enabled on the web server. I thought the easiest thing to
> do would be to create an id for the application to connect 
> with, then provide a symlink to the logs in that generic
> user's home directory. 
> The problem is the logs are owned by root. How can I make
> them readable by this generic id without completely
> compromising security? Plus, as the logs rotate this id
will
> still need access. 
> Any suggestions?

I know you just setup FTP, but consider using SSH instead.

First off, access to the logs are solved by always running
the process as root at the end system.  There is no reduced
security by doing this.

Secondly, setup 1 regular user on 1 system where you want the
logs to be localized for processing.  Then have the root user
of each system SCP the log file to that 1 system as the 1
regular user.  You'll want to use public key authentication
(or a Kerberos realm if you want to avoid generating and/or
copying keys for each system).

If you're into a more formal setup, CVS or other version
control or data collection repository check-ins of the log
files might be ideal.  For CVS (and several others), you can
use the SSH login.



-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)