Further to my blog the other day about remote syslogd with Debian I run numerous web servers that serve the same site and visitors are directed to them based on GeoIP in BIND.

Making sense of the log files is difficult as they’re spread over separate files on separate servers. Thankfully awstats comes with a tool that helps solve this problem.

logresolvemerge.pl ships with awstats and you define each log file as a parameter, and it will sort them chronologically and output the results – so then you just direct the output into a file.

So for example on Debian you would:

/usr/share/awstats/tools/logresolvemerge.pl /var/log/apache2/somesite_access_log_node1 /var/log/apache2/some_site_access_log_node2 /var/log/apache2/some_site_access_log_node3 > /var/log/apache2/somesite_access_log

And its probably sensible to use rsync to send your logs to a centralized location.

Once you’ve used logresolvemerge.pl you can then use tools like awstats on the combined log file.