[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: Re: [syslog-ng] Transform file path
From: Scheidler, Balázs <balazs.scheidler () balabit ! com>
Date: 2016-05-25 6:15:00
Message-ID: CANWQT2PX7CxF+k6ZHEp6kUcNR67gedpo9fWcyR-BmvC58MAt-w () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Yes, you have to parse the incoming access.log entries, for example using
the apache-accesslog-parser() in SCL, after which you'll have separate
name-value pairs for access.log fields that you can later use in templates.
--
Bazsi
On Tue, May 24, 2016 at 11:46 AM, Alexey Vlasov <renton@renton.name> wrote:
> Hi,
>
> I intend to manage the distribution of the Apache log-files for each
> virtualhost using syslog-ng.
>
> I write the following in Apache vhost configue:
>
> <VirtualHost *>
> SetEnv V3WUSER w_test-l26-apache-_b8649b
> LogFormat "%{V3WUSER}e %h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" xcombined
> CustomLog /var/log/apache_aux2_worker2/access_pipe.log xcombined
> </IfModule>
>
> as a result I get this kind of format of the log file:
>
> w_test-l26-apache-_b8649b 10.0.2.24 - - [24/May/2016:12:41:33 +0300]
> "GET / HTTP/1.1" 200 - "http://example.com/" "ELinks (0.11.7; Linux
> 3.14.46-1gb-csm x86_64; 158x45)"
>
> where the first field is the unique identifier of the virtualhost.
>
> Next step I write the following in syslog-ng:
>
> source src_apache_piped_logs {
> pipe("/var/log/apache_aux2_worker2/access_pipe.log"
> keep_timestamp(no));
> };
>
> destination dst_apache_piped_logs {
> file("/var/log/virtwww/${V3WUSER}/access.log"
> template("$MSGONLY\n") template-escape(no));
> };
>
> log {
> source(src_apache_piped_logs); destination(dst_apache_piped_logs);
> };
>
> Сonsequently I would like to have each log file of the virtualhost
> placed in its own catalog and the path should contain the first field of
> the message (${V3WUSER} = w_test-l26-apache-_b8649b)
>
> Is it actually possible?
> Thanks in advance for the help.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
[Attachment #5 (text/html)]
<div dir="ltr">Yes, you have to parse the incoming access.log entries, for example \
using the apache-accesslog-parser() in SCL, after which you'll have separate \
name-value pairs for access.log fields that you can later use in \
templates.<br></div><div class="gmail_extra"><br clear="all"><div><div \
class="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div> <br><div \
class="gmail_quote">On Tue, May 24, 2016 at 11:46 AM, Alexey Vlasov <span \
dir="ltr"><<a href="mailto:renton@renton.name" \
target="_blank">renton@renton.name</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi,<br> <br>
I intend to manage the distribution of the Apache log-files for each<br>
virtualhost using syslog-ng.<br>
<br>
I write the following in Apache vhost configue:<br>
<br>
<VirtualHost *><br>
SetEnv V3WUSER w_test-l26-apache-_b8649b<br>
LogFormat "%{V3WUSER}e %h %l %u %t \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\"" xcombined<br> CustomLog \
/var/log/apache_aux2_worker2/access_pipe.log xcombined<br> </IfModule><br>
<br>
as a result I get this kind of format of the log file:<br>
<br>
w_test-l26-apache-_b8649b 10.0.2.24 - - [24/May/2016:12:41:33 +0300]<br>
"GET / HTTP/1.1" 200 - "<a href="http://example.com/" rel="noreferrer" \
target="_blank">http://example.com/</a>" "ELinks (0.11.7; Linux \
3.14.46-1gb-csm x86_64; 158x45)"<br> <br>
where the first field is the unique identifier of the virtualhost.<br>
<br>
Next step I write the following in syslog-ng:<br>
<br>
source src_apache_piped_logs {<br>
pipe("/var/log/apache_aux2_worker2/access_pipe.log"<br>
keep_timestamp(no));<br>
};<br>
<br>
destination dst_apache_piped_logs {<br>
file("/var/log/virtwww/${V3WUSER}/access.log"<br>
template("$MSGONLY\n") template-escape(no));<br>
};<br>
<br>
log {<br>
source(src_apache_piped_logs); destination(dst_apache_piped_logs);<br>
};<br>
<br>
Сonsequently I would like to have each log file of the virtualhost<br>
placed in its own catalog and the path should contain the first field of<br>
the message (${V3WUSER} = w_test-l26-apache-_b8649b)<br>
<br>
Is it actually possible?<br>
Thanks in advance for the help.<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
</blockquote></div><br></div>
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic